Attorneys  Joaquin  Gamboa  and  Marc  Lindsey 
say  cloud  computing  requires  new  tactics  to  get  the  right  license  at  the  right  price. 


COMPUTERWORLD 


Inside 


The  new  Chrome 
browser  is  the  latest 
weapon  in  Google's  plan 
to  replace  Windows 
with  the  Web. 

The  feds  may  finally 
be  getting  serious 
about  enforcing 
HIPAA’s  privacy  and 
security  rules. 

H-1B  critic 

Norman  Matloff  spells 
out  what's  wrong  with 
the  visa  program  and 
why  it’s  tough  to  be 
40  in  IT. 


Impeach  e-voting:  We 
can’t  trust  systems 
that  lack  paper-based 
backups. 


IT  workers  who  lie 
low  when  faced  with 
possible  layoffs  are 
reacting  in  exactly  the 
wrong  way. 

The  down  economy 
doesn't  mean  tough 
times  for  some  high- 
profile  CIOs. 


COMPUTERWORLD.COM 


UPTIME  COMES  STANDARD.  xeon 


fall.  I  Atesting  bottle¬ 
neck  results  in  a  shortage 


B  The  US.  Army  awards  iRobot : 
$200  million  contract  to  supply 


hopes  its  new  Chrome  browser  will 
launch  a  widespread  rejection  of 
Windows-based  systems. 

10  Feds  Finally  Put  Teeth 
Into  HIPAA  Enforcement.  A 

stringent  settlement  over  "possible 
violations"  of  HIPAA's  security  and 
privacy  rales  could  signal  the  end  of 
lax  enforcement  of  the  law. 


Without  the  right  license  at  the  right 
price,  cloud  computing  could  put 
your  company  and  your  job  at  risk, 
say  attorneys  Joaquin  Gamboa  and 
Marc  Lindsey. 

38  Security  Manager's 
Journal:  Building  a  Security 


Inside 


2  Editor’s  Note:  Scot  Finnic  Org  From  Scratch.  Coming  in 
sees  Google’s  Chrome  as  the  hist  as  the  security  gum  in  a  company 

shot  bred  in  a  war  over  platform  with  no  infosec  program  at  alt  is 

dominance,  and  a  clear  marker  of  a  great  opportunity.  Doing  it  twice 

thingstocome.  isevenbetter. 


18  Gathering  Green 

COVER  STORY:  We  suggest  some  low-hanging  fruit  for 
today  and  stretch  goals  for  tomorrow  that  will  help  you 
save  green  by  going  green. 


willing  to  entrust  democ¬ 
racy  to  electronic  systems 
that  lack  a  paper-based  backup. 

38  Paul  Olan  says  an  important 
part  of  your  job  as  a  manager  Is  to 
help  people  make  peace  with  the 
new  meaning  of  the  wont  job. 

44  Frankly  Speaking:  Frank 
Hayes  wonders  how  IT  will  deal  with 
Google's  Chrome,  which  he  sees  as 
the  front  end  for  a  Web-browsing 


m 


40  Career 
Watch:  $10  mil¬ 
lion  a  year?  Some 
,  IT  leaders  aren't 
hurting  at  all. 


42  Shark  Tank:  Apilotfish trying 
to  track  down  a  problem  with  custom 
software  comes  to  find  out  he's  miss- 


32  The  Power  of  One 

A  project  that  consolidated  13  billing  systems  into  one  is 
saving  Verizon  Wireless  $20  million  annually. 

34  How  to 
Save  Your  Job 


■  EDITOR’S  NOTE 

Scot  Finnie 


The  Next  Wave 


YOU  HAVE  TO  WONDER  whether  Tim  Berners- 
Lee,  inventor  of  HTTP  and  the  Web  browser,  had 
a  sense  of  where  it  all  would  lead.  All  these  years 
later,  does  anyone  know?  The  Web  is  the  invention 
that  keeps  on  giving. 


The  conception  of  the 
Web  browser  was  bril¬ 
liant,  but  the  browser  was 
a  relatively  simple  piece 
of  software.  All  the  more 
remarkable,  then,  that  it’s 
been  at  the  heart  of  a  se¬ 
ries  of  transforming  trends 
in  computing. 

Apparently,  that  trans¬ 
formation  isn’t  over.  For 
more  than  10  years,  experts 
have  predicted  the  end  of 
the  dominance  of  operating 
systems,  with  the  rise  of 
the  Internet  as  the  primary 
application  platform.  But 
the  pundits  were  early  to 
that  party,  we  have  never 
been  close  to  the  end  of  the 
dominance  of  Windows 
and  other  desktop  operat¬ 
ing  systems.  For  the  mo¬ 
ment,  Microsoft’s  mantra, 
"Control  the  platform  at 
the  operating  system,”  con¬ 
tinues  to  be  a  safe  strategy. 

But  if  ever  there  was  a 
beginning  of  the  end,  that 
moment  arrived  last  Tues¬ 
day  when  Google  released 
the  first  beta  of  its  Chrome 
Web  browser.  The  new 
product  is  being  designed 
from  the  ground  up  as  a 
next-generation  client  plat¬ 
form  for  enterprise  applica¬ 
tions  —  the  potential  client 
engine  for  software-as-a- 


service  products,  cloud 
computing  and  Web  2.0 
for  the  enterprise.  (See  the 
story  on  page  9,  Frankly 
Speaking  on  page  44,  and 
more  news,  reviews  and 
analysis  on  the  Web  at 
www.computerworld.com/ 

Google  claims  that  as  a 
multiplatform,  multiple- 
instance  browser  with  a 
powerful  JavaScript  com¬ 
piler,  Chrome  will  be  more 
reliable  and  use  memory 
more  efficiently  than  other 
browsers.  The  company 
promises  that  its  browser 
will  be  able  to  juggle  mul¬ 
tiple  applications,  block 
a  single  bad  app  from 
bringing  down  the  stack 
and  zip  through  JavaScript 
instructions.  It  should  also 
make  quick  work  of  AJAX 
and  other  Web  2.0-enabling 
technologies.  Many  of  those 
claims  echo  Microsoft’s 
descriptions  of  Windows 


■  The  beginning 
of  the  end  of  the 
dominance  of  the 


desktop  OS  may 
have  arrived  with 
Google’s  release  of 
the  Chrome  beta. 


3.1, 95  and  98.  Chrome  is 
bring  designed  to  run  Web 
apps  the  way  a  robust  oper¬ 
ating  system  does. 

That  may  sound  laugh¬ 
able  right  now.  As  intrigu¬ 
ing  as  Google  Docs  is,  for 
example,  it  offers  little  real 
competition  to  Microsoft 
Office  in  the  enterprise. 
But  current  Web  apps  are 
little  more  than  placehold¬ 
ers  for  what's  yet  to  come 
from  third-party  software 
providers.  The  power  and 
functional  reach  of  Web 
apps  takes  on  a  whole 
new  significance  when 
underpinned  by  a  robust 
browser-based  app  plat¬ 
form.  Chrome’s  release 
is  like  a  starting  flag  that 
tells  software  makers:  “Let 
the  development  begin.” 

That’s  why  Chrome  is 
more  than  just  a  shot  across 
the  bows  of  enterprise 
platform  and  application 
providers.  It’s  the  first  shot 
fired  in  a  war  about  to  be 
waged  over  platform  domi- 

it’s  welcome  support  for  the 
Web-based  direction  en¬ 
terprise  apps  are  taking.  As 
such,  it  will  have  complex, 
profound  and  unpredictable 
effects  on  enterprise  IT. 

So  far,  Google  has  done 


little  more  than  take  the 
initiative  to  show  the 
world  the  kind  of  browser 
that's  needed.  Chrome  is 
robust  enough  to  support 
the  browser-as-platform 
notion.  So,  does  Google 
want  to  own  the  platform, 
or  is  it  trying  to  goad 
browser  makers  into  de¬ 
livering  reliable,  robust 
products  that  can  spur  ap¬ 
plication  development? 

Many  observers  believe 
Google  is  after  the  whole 
enchilada,  but  I'm  not  so 
sure.  If  I  were  planning  to 
own  the  platform,  I'd  ship 
Chrome  with  a  killer  app, 
make  deals  with  OEM  PC 
makers  and  try  to  deliver 
a  finished  environment. 

I’d  be  able  to  showcase  my 
partners’  enterprise  appli¬ 
cations  taking  full  advan¬ 
tage  of  the  new  platform. 

Perhaps  Google  is  mind¬ 
ful  that  the  huge  market 
share  for  Internet  Explorer 
places  the  ball  firmly  in 
Microsoft’s  court.  How  will 
Microsoft  react?  Internet 
Explorer  8  as  currently  of¬ 
fered  in  Beta  2  is  no  match 
for  Chrome’s  underlying 
structure.  IE8,  like  most 
other  browsers,  is  primar¬ 
ily  an  application  and  only 
secondarily  a  platform  for 
Web  applications. 

So  there’s  a  lot  yet  to  un¬ 
fold.  But  Google  Chrome  is 
a  clear  marker  of  things  to 
come.  How  the  IT  vendor 
and  user  communities  re¬ 
act  may  be  more  important 
than  the  product  itself.  ■ 
Scot  Fkmto  is  Computer- 
world’s  editor  in  chief.  Tell 
him  what  you  think  at  scot_ 
finnie@computerworld.com. 


2  COMPUTE  RWORLD  SEPTEMBER  8.  2008 


TUESDAY:  Microsoft  plans  to  issue  four  critical  sei 


Gustav  Finds  IT  Execs 
Prepared  for  the  Worst 


the  last  employee  during  an 
emergency  evacuation. 

And  the  company’s  Web 


IURR1CANE  GUSTAV  running  in  emergencies.  from  New  Orleans, 

didn’t  hit  the  Gulf  The  intermediate  site  Tidewater  Inc.,  which 

Coast  as  hard  as  adds  a  third  level  of  backup  supports  oil  and  gas  explo- 

been  feared  last  week.  capabilities,  complementing  ration  and  production  corn- 

some  IT  managers  in  generators  in  Loyola’s  data  panies,  has  set  up  a  “totally 


Microsoft  Corp.  last  week 
announced  several  software 
licensing  changes  that  give 
IT  managers  and  end  users 
more  options  for  running 
Windows  Vista  in  desktop 

Effective  Jan.  1.  Microsoft 
will  expand  its  Vista  Enter¬ 
prise  Centralized  Desktop 
license  to  support  PCs  that 
end  users  buy  themselves 
with  company  stipends. 
Scott  Woodgate,  director  of 
Windows  product  manage¬ 
ment,  said  the  changes  to 
VECD  will  also  enable  IT 
managers  to  deploy  virtual 
Vista  desktops  to  the  PCs 
used  by  contract  workers. 

In  addition,  employees  will 
now  be  able  to  run  Vista  in 
virtual  machines  on  their 
home  PCs.  either  streamed 
from  a  server  or  loaded  from 
a  thumb  drive. 

But  Microsoft  will  continue 
to  require  a  VECD  license 
for  every  system,  no  matter 
how  little  the  virtualization 
option  is  used. 


ERIC  LAI 


Your  potential.  Our  passion. 

Microsoft 


Dell.com  is  one  of  the  world's  largest  and  most  advanced  e-commeroe 
sites.  As  a  technology  leader,  Dell  relies  on  Windows  Server* 2008 
for  the  flexibility  and  reliability  needed  to  support  a  mission-critical 
environment  where  downtime  is  not  an  option.  Get  the  full  story  at 

serverunleashed.com 


ft.  Windows  Server  20^ 

mror, m\ 

***** 


who  helps  greet  them  at  the  door? 


■  NEWS  DIGEST 


NEC’s  advanced  communications 
solutions  put  you  in  charge  when  it 
matters  most. 

Finally,  a  communications  solution  capable  of  providing  up-to-date  patient 
information  whenever  and  wherever  it  is  needed. 

NEC’s  Unified  Communications  provide  a  dynamic  and  realistic  connection  among 
individuals,  devices,  applications,  and  data.  Based  on  a  combination  of  innovative 
technologies  and  advanced  solutions,  its  mobility  and  flexibility  enables  people  to 
experience  greater  efficiency  and  productivity  -  in  any  industry. 

Integrated  IT  and  networking  solutions  like  these  have  made  NEC  a  world  leader, 
and  your  reliable  business  partner. 

Regardless  of  the  communications  solution  your  business  demands,  you  are 
assured  of  one  thing:  NEC.  Empowering  you  through  innovation. 

www.necus.com/necip 


IT  SERVICES  AND  SOFTWARE  NETWORKING  AND  COMPUTING  SEMICONDUCTORS  IMAGING  AND  DISPLAYS 


Empowered  by  Innovation 


NEC 


iRobot  supplied  products 
based  on  its  PackBot  robot. 

The  new  contract  covers 
all  iRobot  technologies. 

In  a  statement,  Joe  Dyer, 
president  of  Bedford,  Mass.-  | 
based  iRobot,  said  the  deal 
shows  that  the  Army  is 
continuing  to  find  ways  to 
use  robotic  technology  on 
the  battlefield,  “allowing 
troops  to  complete  missions  | 
successfully  while  keeping 
them  at  safe  distances"  from  | 
dangerous  situations. 

In  recent  months,  vari¬ 
ous  military  agencies  have 
invested  in  robotics  technol¬ 
ogy  for  the  battlefield. 

In  May,  the  U.S.  Army 
Research  Laboratory  in 
Adelphi,  Md.,  awarded  a 
$38  million  contract  to  BAE 
Systems  Inc.  to  design  and 


The  Valo  recall  co 
two  yaars  after  Sony  recalled 
miUiora  of  Its  laptop  batteries 
because  of  overheating  issues. 
Peter  Sayer, 

IDG  News  Service 


Sony  Corp.  last  week  ! 
recalled  438,000  Valo  TZ 
laptops  because  of  a  possible 
manufacturing  defect  that  may  ! 


NEWS  ANALYSIS  ■ 


Google  Adds 
A  Weapon  in 
Its  Battle  to 
Kill  Windows 

Chrome  browser  promises  to 
provide  a  significant  perfor¬ 
mance  boost  to  online  apps. 

By  Heather  Havenstein 


Last  weeks  unveil¬ 
ing  of  a  new  browser 
is  the  latest  in  a 
series  of  moves  by 
Google  Inc.  to  rid  the  world 
of  Microsoft  Windows,  ac¬ 
cording  to  analysts. 

In  fact,  said  Matt  Rosoff, 
an  analyst  at  Directions  on 
Microsoft  in  Kirkland,  Wash., 
the  new  Chrome  browser 
could  be  the  key  component 
of  Google's  plan  to  convince 
consumers  and  business 
users  to  replace  Windows- 
based  software  with  hosted 
Web  applications. 

“This  is  the  potential 
threat  that  Microsoft  has 
been  worried  about  since 
the  1990s,”  Rosoff  said. 

“This  is  Google  trying  to 
really  push  applications  to 
the  Web  and  make  that  the 
way  people  do  computing.” 

Google  began  offering 
a  beta  version  of  the  new 
open-source  browser  on  its 
Web  site  last  week. 

Chrome  includes  a  new 
high-performance  JavaScript 
engine  and  Google  Gears, 
which  will  let  users  store  and 
access  Web  applications  off¬ 
line.  The  browser  is  powered 
by  the  WebKit  open-source 


rendering  engine,  also  used 
in  Apple  Inc.’s  Safari  brows¬ 
er,  and  includes  unspecified 
Firefox  components. 

At  a  press  briefing,  Sergey 
Brin,  co-founder  and  tech¬ 
nology  president  at  Google, 
said  he  expects  Chrome  to 
serve  as  a  strong  vehicle  for 
running  Web  applications. 
“I  wouldn't  call  Chrome  the 
OS  of  Web  apps,”  Brin  said. 
“It's  a  very  basic,  fast  engine 
to  run  Web  apps.” 

Google  likely  won’t  posi¬ 
tion  Chrome  simply  as  a 
competitor  to  established 


browsers  from  vendors  like 
Microsoft,  Mozilla,  Apple 
and  Opera  Software,  noted 
Ray  Valdes,  an  analyst  at 
Gartner  Inc. 

“It’s  about  the  Web  apps 
battle,”  Valdes  said.  “It’s 
about  having  a  platform  that 
will  support  the  next  gen¬ 
eration  of  Web  apps.” 

Google  spent  two  years 
making  sure  its  system  could 
overcome  the  growing  inabil¬ 
ity  of  current  technologies  to 
run  new  online  applications. 
It  was  “definitely  a  strategic 
initiative,”  Valdes  said. 

Earlier  steps  in  Google’s 
long-term  plan  to  kill  Win¬ 
dows  include  the  2006 
launch  of  the  Google  Apps 
hosted  applications  suite. 
That  offering  includes  the 
Google  Docs  collaboration 
tool,  Gmail  e-mail  software, 
Google  Calendar,  the  Talk 
instant  messaging  and 
voice-over-IP  application, 
and  the  Sites  wiki  service. 

Google  is  also  expected  to 
soon  unveil  an  online  stor¬ 
age  offering. 

Corporate  IT  managers 
have  so  far  been  unenthusi- 
astic  about  replacing  pack¬ 
aged  software  with  Google’s 
Web-based  offerings.  Robert 
Ford,  CIO  at  Virgin  Enter¬ 
tainment  Group  Inc.,  said 
Chrome  likely  won’t  change 


that  view,  at  least  at  Virgin. 

Although  Chrome  is  im¬ 
pressive,  “there  would  have 
to  be  astronomical  perfor¬ 
mance  improvements  for  us 
to  switch,"  Ford  said. 

He  noted  that  IE  is  the 
Los  Angeles-based  retailer's 
corporate  standard,  and 
developers  there  are  expert 
in  Microsoft  .Net-based 
technologies.  “I  don’t  see 
any  reason  to  challenge  our 
IE  standard,"  Ford  said.  '‘I’d 
have  to  make  sure  Chrome 
worked  well  with  all  of  our 
other  apps.  What  is  the  busi¬ 
ness  value  in  that?” 

In  a  statement.  Dean 
Hachamovitch,  IE  general 
manager  at  Microsoft,  said 
the  company  expects  most 
users  to  continue  turning 
to  Internet  Explorer,  which 
holds  about  72%  of  the 
browser  market,  according 
to  Net  Applications  Inc., 
an  Aliso  Viejo,  Calif.-based 
Web  metrics  research  firm. 

Sheri  McLeish,  an  analyst 
at  Forrester  Research  Inc., 
said  that  Chrome  “is  not 
compelling  enough  to  erode 
Microsoft’s  dominance.  Too 
many  IT  shops  are  comfort¬ 
able  with  IE.” 

McLeish  noted  that  per¬ 
suading  users  to  switch 
browsers  is  a  difficult  task 
for  any  vendor.  Even  Micro¬ 
soft  has  faced  challenges 
getting  users  to  upgrade  to 
new  versions  of  IE,  she  said. 

Rosoff  added  that  Google 
also  faces  a  significant  chal¬ 
lenge  in  finding  ways  to  dis¬ 
tribute  the  new  browser. 

"Google  is  a  powerful 
brand,  but  they  do  need  a 
way  to  distribute  the  brows¬ 
er,”  he  noted.  PC  makers,  an 
obvious  potential  distribu¬ 
tion  path,  may  be  wary  of 
replacing  Windows  with 
Web-based  applications.  ■ 
Erie  Lai.  Oragg  Keizer  and 
the  IDG  News  Services'  Juan 
Carta  Paraz  contributed  to 
this  story. 


SEPTEMBER  8, 2008  C0MPUTERW0R10  • 


■  NEWS  ANALYSIS 


ally 
Put  Teeth 
Into  HIPAA 
Enforcement 

Three  years  after  the  federal  law’s  rules 
on  securing  health  care  data  took  effect, 
HHS  has  issued  its  first  ‘corrective 
action  plan.’  By  Jaikumar  Vijayan 


laptops,  optical  discs  and  backup  tapes 
containing  the  unencrypted  medical 
records  of  more  than  386,000  Provi¬ 
dence  patients.  On  several  occasions 
in  2005  and  2006,  equipment  was 
reported  missing  after  workers  took  it 
out  of  the  office  with  them. 

Under  the  CAP,  Providence  has  to 
revamp  its  security  policies  to  include 
physical  protections  for  portable 
devices  and  for  the  off-site  transport 
and  storage  of  backup  media.  It  also  is 
required  to  implement  technical  safe¬ 
guards,  such  as  encryption  and  pass¬ 
word  protection.  And  the  not-for-profit 
health  system,  which  has  operations 
in  five  western  states,  must  conduct 
random  compliance  audits  and  submit 
compliance  reports  to  HHS  for  the 
next  three  years  (see  box,  next  page). 

In  addition,  the  agreement  calls  for 
Providence’s  chief  information  secu¬ 
rity  officer  to  personally  validate  that 
all  required  policies  have  been  put 
in  place  and  that  all  employees  have 
been  trained  on  adhering  to  them.  The 
CISO  also  has  to  attest  that  all  backup 
media  and  portable  devices  contain¬ 
ing  health  information  protected  by 


HIPAA  are  properly  secured. 

Significantly,  the  CAP  precludes 
Providence  Health  from  contesting 
the  validity  of  or  appealing  any  of  its 
obligations  under  the  agreement.  The 
settlement  is  getting  considerable  atten¬ 
tion  within  the  health  care  industry  be¬ 
cause  of  the  tough  terms  and  conditions 
that  the  deal  imposed  on  the  provider. 

"The  CAP  gives  us  some  indica¬ 
tion  that  the  bar  is  being  raised  when 
it  comes  to  HIPAA  compliance,”  said 
Lisa  Gallagher,  director  of  privacy  and 
security  at  the  Healthcare  Informa¬ 
tion  and  Management  Systems  Society 
(HIMSS)  in  Chicago.  “This  is  a  fairly 
serious  corrective  action  plan." 

Gallagher  added  that  the  deal  with 
Providence  sends  a  clear  message  to 
other  health  care  providers  that  HHS 
is  finally  cracking  down  on  HIPAA 
violators,  after  having  been  accused  of 
lax  enforcement  in  the  past. 

The  harder  line  is  in  keeping  with 
an  announcement  in  January  that  the 
Centers  for  Medicare  &  Medicaid  Ser¬ 
vices  (CMS),  the  HHS  unit  responsible 
for  administering  the  HIPAA  security 
rules,  had  hired  Pricewaterhouse- 
Coopers  to  conduct  audits  on  its 
behalf.  At  the  time,  the  CMS  said  it 
planned  to  do  10  to  20  audits  this  year 
at  organizations  that  had  been  the 
target  of  complaints  about  their  data 
security  practices. 

According  to  Gallagher,  the  CMS  is 
expected  to  release  findings  from  those 
audits  early  next  year.  It  also  plans  to 
highlight  violation  trends  and  provide 
guidance  on  the  biggest  problems  that 
health  care  providers  are  having  in 
implementing  the  controls  required  by 
HIPAA.  “As  far  as  I  know,  they  are  un¬ 
der  way  with  these  audits,”  she  said. 

Gallagher  also  expects  the  CMS  to 
start  working  more  closely  on  enforce¬ 
ment  with  the  HHS  Office  of  Civil 
Rights,  which  administers  the  data 
privacy  rules  set  by  HIPAA. 

As  of  press  time,  the  CMS  had  yet  to 
respond  to  questions  that  were  sent  via 
e-mail,  as  an  agency  spokesman  had 
requested.  Providence  officials  also 
asked  that  questions  be  sent  via  e-mail 
but  also  hadn’t  responded. 

Peter  MacKoul,  president  of  HIPAA 
Solutions  LC,  a  consulting  firm  in  Sug¬ 
ar  Land,  Texas,  agreed  with  Gallagher 
that  the  Providence  settlement  was  a 


dramatic  example  of  the  potential  con¬ 
sequences  of  HIPAA  violations. 

“If  you  look  at  what  they’re  being 
forced  to  do,  it’s  scary,”  he  said.  “They 
have  lost  their  ability  to  contest  any¬ 
thing;  there’s  no  way  of  getting  out  of 
this  agreement.  And  this  is  the  best 
deal  they  could  get.” 

MacKoul  added  that  while  Provi¬ 
dence  was  audited  for  data  security 
violations,  many  of  the  corrective  ac¬ 
tions  it  is  being  required  to  implement 
fall  into  the  privacy  realm,  showing 
that  HHS  is  making  little  distinction 
between  privacy  and  security  for  com¬ 
pliance  purposes. 


And  based  on  the  terms  of  the  CAP. 
organizations  that  have  to  comply 
with  HIPAA  shouldn't  be  lulled  into 
complacency  by  the  previous  lack  of 
enforcement,  MacKoul  warned.  “If  I 
were  a  covered  entity,  I  wouldn't  want 
to  roll  the  dice  and  get  caught  up  in 
something  like  this,"  he  noted. 

The  resolution  agreement  does 
appear  to  be  a  belated  attempt  by  HHS 
to  get  the  health  care  industry  to  take 
HIPAA  more  seriously,  said  Chris 
Apgar,  president  of  consulting  firm 
Apgar  &  Associates  LLC  in  Portland, 
Ore.  “I  think  it’s  about  time  they  used 
somebody  as  an  example,”  he  said. 

Even  so,  it’s  unrealistic  to  expect  a 


large  increase  in  the  number  of  HIPAA 
enforcement  actions  in  the  near  term, 
according  to  Apgar  and  other  analysts. 
Such  actions  are  triggered  only  when 
complaints  are  lodged  against  organi¬ 
zations.  HHS  has  no  HIPAA  cops  who 
are  actively  looking  for  violations,  and 
health  care  providers  aren't  required  to 
report  internal  violations  themselves. 

Also,  neither  the  CMS  nor  the  HHS 
Office  of  Civil  Rights  has  anywhere 
near  the  resources  or  the  funding 
needed  to  investigate  all  of  the  com¬ 
plaints  that  are  filed.  As  a  result, 
examples  such  as  the  settlement  deal 
with  Providence  will  likely  continue 
to  be  more  the  exception  than  the  rule, 
Apgar  said. 

In  fact,  one  of  the  primary  reasons 
why  Providence  was  investigated  in  the 
first  place  no  doubt  was  the  publicity 
generated  by  the  incidents  involving 
lost  IT  equipment,  said  Randy  Yates, 
director  of  security  at  Memorial  Her¬ 
mann  Healthcare  System  in  Houston. 

“Once  something  that  large  hits  the 
media,  the  government  is  bound  to  do 
something,”  Yates  said.  “[The  CAP] 
puts  out  a  message  that  says.  ’We  see 
this  thing,  and  we  don’t  like  it'  ” 

Often,  enforcement  actions  are  im¬ 
portant  because  they  get  the  attention 
not  just  of  those  in  charge  of  imple¬ 
menting  privacy  and  security  policies, 
but  also  of  those  who  control  the  purse 
strings  within  organizations.  Last  year, 
for  instance,  the  audit  at  Piedmont 
Hospital  contributed  to  the  approval  of 
a  S1.3  million  budget  item  for  data  en¬ 
cryption  at  Memorial  Hermann. 

But  if  the  investigations  are  as  spo¬ 
radic  as  they  have  been  in  the  past,  the 
buzz  generated  will  fade  away  quickly, 
said  Christopher  Paidhrin,  IT  security 
officer  at  ACS  Healthcare  Solutions,  a 
Dearborn,  Mich.-based  unit  of  Affili¬ 
ated  Computer  Services  Inc. 

Paidhrin  noted  that  the  Piedmont 
audit  last  year  initially  raised  a  con¬ 
siderable  amount  of  concern  among 
health  care  providers.  But  most  of  that 
concern  eventually  melted  away  when 
the  expected  increase  in  enforcement 
actions  failed  to  materialize.  The  same 
thing  will  likely  happen  in  the  after- 
math  of  the  Providence  Health  settle¬ 
ment,  he  said  —  unless  HHS  takes 
additional  actions  elsewhere  and  publi¬ 
cizes  them  to  the  same  extent.  ■ 


SEPTEMBER  8,  2008 


The  longtime  H-1B  nemesis  talks 
about  what’s  wrong  with  the 
program,  why  it’s  tough  to  be  40 
in  FT,  and  what  he  tells  computer 
science  students. 


tfcm?  I’m  very  deeply  immersed  in  the 
Chinese  immigrant  community  [Mat- 
loff  speaks  Mandarin,  and  his  wife  is 
an  immigrant  from  Hong  Kong]  and 
saw  a  lot  of  people  that  were  hired  on 
H-l  visas  [the  predecessor  of  the  H-1B 
program]  who  were  not  really  good.  So 
I  had  suspicions. 


12  C0MPUTERW0RLD  SEPTEMBER  8, 2008 


Continued  on  page  14 


Imagine  a  World  Without  Choice 


■  THE  GRILL  NORMAN  MATLOFF 


In  many  cases, 
the  parents  in 
Silicon  Valley 


ing  their  kids  not  to  go  into 
the  [IT]  held  because  they 
know  what’s  going  on. 


Continued  from  page  12 

community  put  pressure  on  you  to  favor 
more  relaxed  policies  on  immigration? 

People  who  are  immigrants  are  harmed 
by  H-lBs  just  like  the  natives  are,  even 
the  ones  who  are  originally  H-lBs.  The 
minute  they  get  a  green  card,  they  are 
somewhat  less  employable,  and  when 
they  hit  age  35  and  40,  they  are  a  lot  less 
employable,  just  like  the  natives  are. 

I  wil  assume  you  haw  some  foreign  stu¬ 
dents  in  your  computer  science  classes.  At 

the  undergraduate  level,  the  number  of 
foreign  students  is  small.  The  graduate 
level  is  different.  This  was  all  planned 
for  by  the  National  Science  Foundatioa 
Their  concern  was  that  Ph.D.  salaries 
were  too  high,  and  they  said  that  they 
were  going  to  remedy  it  by  bringing  in 
a  lot  of  foreign  students.  Swelling  the 
labor  pool  will  reduce  the  salaries  or 


reduce  the  growth  in  salaries,  and  that 
was  at  the  same  time  NSF  was  pushing 
Congress  to  enact  the  H-1B  program. 
NSF  also  said  at  the  time  that  by  limiting 
salaries,  Americans  would  be  dissuaded 
from  pursing  graduate  degrees  and,  of 
course,  that's  exactly  what  happened.  So 
now  you  see  only  50%  of  the  Ph.D.s  in 
computer  science  go  to  Americans. 

How  do  you  reconcile  your  views  with  your 


at  your  univoraity?  I  don’t  think  there  is 
anything  to  reconcile,  for  two  reasons. 
Why  should  I  blame  them  for  wanting 
to  do  this?  It’s  attractive  to  them.  Our 
national  policy  has  made  it  available 
to  them.  There  is  no  reason  to  hold  it 
against  them.  The  second  reason  is,  I 
have  always  been  strongly  in  favor  of 
rolling  out  the  immigration  red  carpet 
for  people  who  are  the  so-called  best 
and  the  brightest  —  although  I  definite¬ 
ly  do  not  say  that  anybody  who  has  a 
Ph.D.  is  the  best  and  the  brightest.  And 
for  the  ones  who  are,  I’ve  gone  out  of 
my  way  to  help  them  get  jobs  in  Silicon 
Valley  and  elsewhere. 

But  how  do  you  sort  it  out?  How  do  you 
determine  who  are  the  best  and  the 
brightest?  A  lot  of  people  are  not  aware 
of  this,  but  there  is  already  a  policy. 

For  temporary  visas,  there  is  the  visa 
named  0-1  [for  aliens  of  extraordinary 
ability  and  achievement],  and  for  green 
cards  you  have  the  three  levels  [with 
EB-1  designated  for  those  demonstrat¬ 
ing  the  most  talent  in  a  particular  area]. 

What  would  the  H-tB  program  look  like  in 
your  model?  It  would  be  a  lot  smaller, 
way  smaller  —  and  the  criteria  for  qual¬ 
ifying  would  look  similar  to  the  EB-1. 


The  presidential  candidates  aH  seam  to 
support  the  H-1B  program.  And  Congress 
would  have  increased  the  cap  last  year, 
had  it  reached  an  agreement  on  immigra¬ 
tion  reform.  H  seems  as  If  you  are  fighting 
a  losing  bathe.  How  would  you  define 
success  at  this  point?  There  are  degrees 
of  success.  A  glass-is-half-full  point  of 
view  would  be,  “Gee,  we’ve  held  them 
off  this  long  [from  a  cap  increase];  that's 
pretty  good.”  It’s  a  success  of  a  sort  On 
the  other  extreme,  you  restore  H-1B  to 
the  original  intention  of  just  bringing 


in  the  best  and  the  brightest.  But  what 
would  be  a  realistic  goal?  A  realistic 
goal  is  part  of  the  Durbin-Grassley  Act 
[the  U.S.  Senate’s  H-1B  and  L-l  Visa 
Fraud  and  Abuse  Prevention  Act,  spon¬ 
sored  by  Sens.  Dick  Durbin  (D-I1L)  and 
Chuck  Grassley  (R-Iowa)].  By  far  the 
most  important  pan  of  the  bill  is  to 
redefine  prevailing  wage.  Currently,  the 
employers  by  statute  are  required  to 
pay  prevailing  wage,  but  the  definition 
of  prevailing  wage  is  full  of  loopholes. 
The  Dubin/Grassley  bill  would  fix 
that  by  setting  a  definition  of  prevail¬ 
ing  wage  that  really  would  make  it  the 
market  wage. 

The  second  most  important  aspect  of 
the  bill  is  it  would  take  the  current  re¬ 
strictions  on  H-lB-dependent  employ¬ 
ers  [those  that  have  a  significant  num¬ 
ber  of  H-1B  workers  on  staff]  and  make 
them  applicable  to  all  H-1B  employers. 

There  are  several  restrictions  on 
H-lB-dependent  employers.  The  one 
that  would  be  the  most  important 
would  be  an  anti-layoff  provision. 
H-lB-dependent  companies  are  not  al¬ 
lowed  to  hire  any  H-1B  workers  within 
90  days  of  a  layoff,  either  prior  or  after¬ 
ward.  That  restriction  under  the  Grass- 
ley/Durbin  bill  would  apply  to  all  H-1B 
employers,  and  that  would  be  some¬ 
thing  that  would  be  really  worth  hav¬ 
ing.  Employers  would  also  be  required 
to  try  to  hire  Americans  first.  The  im¬ 
pact  would  be  giant.  They  wouldn’t  be 
able  hire  H-lBs  as  cheap  labor. 

You  hare  written  that  computer  science 
departments  must  be  honest  with  stu¬ 
dents  regarding  career  opportunities  in 
the  field.  What  do  you  tell  students  today? 

1  am  chair  of  our  undergraduate  cur¬ 
riculum  committee,  and  every  year  I 
give  a  presentation  to  high  school  se¬ 
niors  and  their  parents.  I  tell  them  that 
things  are  fairly  good  for  new  gradu¬ 
ates  right  now,  [though]  they  aren’t 
nearly  as  good  as  they  were  in  the  late 
1990s.  But  once  you  are  out  10  years 
or  so,  then  you've  got  to  be  nimble.  It’s 
much  harder  to  find  work  after  you 
have  been  in  the  field  for  10  years  or 
so.  A  lot  of  the  parents  themselves  are 
engineers.  In  many  cases,  the  parents 
in  Silicon  Valley  are  encouraging  their 
kids  not  to  go  into  the  field  because 
they  know  what’s  going  on. 

—Interview  by  Patrick  Thibodeau 


COMPUTEaWORLD  SEPTEMBER  8.  2008 


Ostriches  have  brains  smaller  than  their  eyes. 


They  can’t  always  process  what  they  are  seeing. 

But  you  can  With  proven  information  management  software  from  SAS. 


(\Qaq  tphoewER 

OUO  TO  KNOV 


■  OPINION 

Sharon  Machlis 


Let’s  Impeach 
E-voting 


WERE  SOFTWARE  PATCHES  that  didn’t 
fix  problems  but  instead  changed  results 
applied  to  electronic  voting  machines  in  two 
Georgia  counties?  Were  the  patches  applied 
at  the  instruction  of  a  top  Diebold  executive,  without  informing 
local  election  officials? 


This  charge  has  been 
leveled  several  times  since 
a  rather  surprising  election 
in  which  two  Democratic 
candidates  had  comfort¬ 
able  leads  in  polls  just  be¬ 
fore  Election  Day  yet  lost 
by  substantial  margins. 

Of  course,  there's  a  strong 
correlation  between  your 
degree  of  suspicion  of  those 
results  and  which  party  you 
support.  But  we  should  all 
be  frightened  if  there's  no 
way  to  prove  that  tampering 
didn't  occur.  And  when  vot¬ 
ing  machines  are  electronic, 
paperless  and  proprietary, 
it's  all  but  impossible  to  do  a 
recount  or  check  for  errors 
in  a  way  that  can  uncover  a 
malicious  hack  (or  honest 
mistake).  Tech  professionals 
across  the  political  spec¬ 
trum  should  be  unhappy 
with  that  kind  of  system. 

Election  consultant 
Chris  Hood  told  Rolling 
Stone  magazine  that  he 
was  working  for  Diebold 
in  Georgia  in  2002  when 
the  head  of  the  company’s 
election  division  arrived 


to  distribute  a  patch  to 
workers.  That  code  was 
applied  to  only  about  5,000 
machines  in  two  counties. 
Hood  says  it  was  an  unau¬ 
thorized  patch  that  was  kept 
hidden  from  state  officials. 
(Diebold  says  the  state  ap¬ 
proved  the  update,  although 
state  officials  have  since 
asked  for  more  informa¬ 
tion  on  the  patch’s  effect.) 

The  Georgia  allegations 
are  disturbing  but,  sadly, 
not  unique.  An  attorney  and 
IT  security  consultant  last 
month  cited  that  incident  to 
renew  challenges  to  2004 
Ohio  elections,  which  had 
a  similar  mix  of  paperless 
Diebold  machines  and  sta¬ 
tistically  curious  results. 

In  Alabama,  questions 
linger  about  a  supposed 


■  There’s  a  simple 


this:  paper  ballots 
that  are  scanned 


and  counted  by 
machines. 


“glitch”  that  caused  of¬ 
ficials  to  change  the  winner 
of  the  governor’s  race  six 
years  ago;  a  research  paper 
presented  to  the  Alabama 
Political  Science  Asso¬ 
ciation  later  described  the 
new,  changed  results  as  sta¬ 
tistically  “anomalous”  and 
outlined  a  possible  scenario 
of  vote-counting  fraud. 

Paper  isn't  perfect,  as 
Florida’s  “hanging  chad” 
fiasco  of 2000  painfully 
demonstrated.  And  paper 
systems  aren’t  necessarily 
100%  secure;  it’s  certainly 
possible  to  destroy  or  alter 
paper  ballots  locally.  But 
unprecedented  statewide 
and  even  nationwide 
tampering  with  elections 
is  theoretically  possible 
when  a  company  controls 
the  counting  devices  with¬ 
out  the  independent  verifi¬ 
cation  that  paper  receipts 
provide. 

Without  paper  ballots, 
there’s  no  way  for  candi- 

contest  a  suspicious  result, 
since  each  person’s  action 


ie  C0MPUTERW0RLD  SEPTEMBER  8, 2008 


must  remain  anonymous. 

There’s  a  simple  answer 
to  all  of  this:  paper  bal¬ 
lots  that  are  scanned  and 
counted  by  machines.  Au¬ 
tomated  ballot  counting  is 
much  quicker  than  manual 
counting,  but  retallying  by 
hand  is  still  possible  should 
the  results  be  doubted. 
These  systems  have  the 
added  benefit  of  being  able 
to  easily  process  large 
numbers  of  voters  when 
turnout  is  unusually  high, 
preventing  hours-long 
waits  at  polls  due  to  a  lack 
of  functioning  machines. 
It's  a  lot  easier  to  ramp  up 
for  an  unexpected  crowd  if 
all  you  have  to  do  is  hand 
out  more  paper  ballots. 

If  election  officials  insist 
on  an  electronic  system, 
they  should  require  a  pa¬ 
per  printout  that  voters 
can  verify  and  deposit  in  a 
secure  storage  area.  Those 
paper  ballots  can  then  be 
counted  by  hand  if  need 
be,  and  electronic  results 
can  be  confirmed. 

Those  of  us  who  vote 
on  paperless  machines, 
whether  with  touch  screens 
or  levers,  can  never  be  con¬ 
fident  that  our  votes  will 
be  properly  submitted,  reg¬ 
istered  and  counted.  That 
leaves  our  elections  under 
perpetual  suspicion,  which¬ 
ever  candidates  prevail 

It’s  time  to  outlaw  any 
voting  machine  that  doesn’t 
offer  the  possibility  of  a 
paper-based  recount.  ■ 
Sharon  Machlis  is  the  man¬ 
aging  editor  of  Computer- 
world.com.  You  con  reach 
heratsharon_machlis@ 
computerworid.com. 


FITS  NICELY  WHERE  ALL  THOSE  SERVERS  USED  TO  BE. 


RUN  WITH  IT  AT  MOREINTEROP.COM 


Novell. 


i  |V 

*.».  . .  1 

V  w  'i*  ' 

If  v  »  V 


uathcriim 


LOW-HANGING  FRUIT 
FOR  TODAY  AND 
STRETCH  GOALS 
FOR  TOMORROW, 
TO  SAVE  YOU  GREEN 
BY  GOING  GREEN. 


CHIEF  Technology 
Officer  Arvind 
Thapar  wants  to 
bring  new  green 
technology  to  his 
company,  but  his 
proposed  initia¬ 
tive  —  installing  wind  turbines  to 
generate  power  —  is  decidedly  out¬ 
side  the  usual  realm  of  IT. 

Thapar  is  still  preparing  his  formal 
pitch  to  First  National  of  Nebraska, 
the  Omaha-based  financial  services 
firm  where  he  works,  but  he  says 
initial  reaction  to  the  idea  has  been 
positive  —  something  he  wouldn’t 
have  expected  five  years  ago. 

His  experience  clearly  shows  the 
shifting  winds  of  our  times. 

Leading  businesses  are  looking  for 
ways  to  get  green.  Some  are  motivat¬ 
ed  by  concern  for  the  planet;  others 
by  the  cost  savings  or  the  marketing 
advantages  that  can  come  from  more 
environmentally  friendly  policies. 
Often,  they’re  driven  by  a  combina¬ 
tion  of  factors.  In  any  event,  IT  has  a 
key  role  to  play. 

Here’s  a  checklist  of  suggestions 
from  Computerworld’s  Top  Green 
IT  2008  winners,  to  get  you  started 
and  keep  you  moving  in  a  greener 
direction. 

Low-Hanging  Green  Fruit 

Limit  paper  use. 

I  The  paperless  office  is  still  a 
I  dream.  Each  year,  the  U.S.  goes 
M.  through  4  million  tons  of  copy 
paper,  2  billion  books,  350  million 
magazines  and  25  billion  newspa¬ 
pers.  This  can  lead  to  deforestation, 
and  the  paper  manufacturing  proc¬ 
ess  produces  carbon  dioxide. 

But  IT  can  take  simple  steps  to  cut 
corporate  paper  use. 

London-based  BT  Group  PLC 
moved  printers  from  desktops  to 
central  locations.  That  forces  work¬ 
ers  to  get  up  when  they  want  to 
retrieve  printed  material  —  which 
helps  deter  excess  printing,  says 
Donna  Young,  BT  Group’s  head  of 


been  printed  so  they  can  spot  excess 
usage  and  try  to  curb  it,  says  CEO 
Larry  O’Connor. 

2  Buy  renewable  energy. 

This  is  an  easy  one:  Contact 
your  power  company  to  see 
if  it  offers  electricity  from  re¬ 
newable  energy  sources  (many  do), 
such  as  wind  or  solar  power,  says 
Austin  Energy  CIO  Andres  Carvallo. 

There  are  a  few  caveats,  though. 
Unless  you  can  persuade  the  facilities 
folks  to  get  green  energy  for  the  en¬ 
tire  company,  you  might  have  to  limit 
it  to  just  the  data  center  (where  CIOs 
usually  have  more  control  over  power 
supplies).  You’ll  also  have  to  persuade 
the  finance  people  to  shell  out  a  little 


IT  staff  also  set  printers  to  automati¬ 
cally  use  both  sides  of  the  paper. 

Other  World  Computing  in  Wood- 
stock,  Ill.,  controls  paper  use  by 
sending  managers  reports  of  whit’s 


Carvallo  says  green  energy  usually 
carries  a  premium  —  Austin  Energy 
charges  20%  extra  for  it  —  although 
many  power  companies,  including 
his  own,  lock  in  the  price  for  multiple 
years,  which  means  your  green  pow¬ 
er  could  soon  be  cheaper  than  elec¬ 
tricity  from  conventional  sources. 

3  l)se  power  management  tools. 

The  nonprofit  Climate  Sav¬ 
ers  Computing  Initiative 
estimates  that  using  power 
management  features  for  desktop 
computers  can  save  more  than  600 
kilowatt-hours  of  electricity  and 
about  $60  annually  in  energy  costs 
per  computer.  Multiply  that  by  the 
hundreds  —  or  thousands  —  of  PCs 
you  have  in  your  IT  shop,  and  you 
can  see  how  this  simple  action  can 
turn  into  a  lot  of  green. 

To  maximize  energy  savings,  the 
Climate  Savers  Computing  Initiative 
recommends  putting  monitors  and 
hard  drives  to  sleep  after  15  min¬ 
utes  or  less  of  idleness,  with  system 
standby  occurring  after  30  minutes. 

Next  Steps 

1  Virtualization  can  yield  signifi¬ 
cant  savings,  says  Larry  Vertal, 
a  member  of  the  board  of  direc¬ 
tors  at  The  Green  Grid,  a  global  con¬ 
sortium  dedicated  fo  developing  and 
promoting  energy  efficiency  for  data 
centers  and  information  service  de- 
Contimied  on  page  22 


C0MPUTERW0RID 


by  the  cost  savings  or  the  marketing 
advantages  that  can  come  from  more 
environmentally.friendly  policies. 
Often,  they’re  driven  by  a  combina¬ 
tion  of  factors.  In  any  event,  IT  has  a 
key  role  to  play. 

Here’s  a  checklist  of  suggestions 
from  Computerworld’s  Top  Green 
IT  2008  winners,  to  get  you  started 
and  keep  you  moving  in  a  greener 
direction. 

Low-Hanging  Green  Fruit 

1  Limit  paper  use. 

The  paperless  office  is  still  a 
dream.  Each  year,  the  U.S.  goes 
through  4  million  tons  of  copy 
paper,  2  billion  books,  350  million 
magazines  and  25  billion  newspa¬ 
pers.  This  can  lead  to  deforestation, 
and  the  paper  manufacturing  proc¬ 
ess  produces  carbon  dioxide. 


charges  20%  ext£j/or  it  —  although 
many  power  companies,  including 
his  own,  lock  in  the  price  for  multiple 
years,  which  means  your  green  pow¬ 
er  could  soon  be  cheaper  than  elec¬ 
tricity  from  conventional  sources. 

Use  power  management  tools. 

The  nonprofit  Climate  Sav- 
'l  ers  Computing  Initiative 
estimates  that  using  power 
management  features  for  desktop 
computers  can  save  more  than  600 
kilowatt-hours  of  electricity  and 
about  S60  annually  in  energy  costs 
per  computer.  Multiply  that  by  the 
hundreds  —  or  thousands  —  of  PCs 
you  have  in  your  IT  shop,  and  you 
can  see  how  this  simple  action  can 
turn  into  a  lot  of  green. 

To  maxi^ze  energy  savings,  the 
Climate  Savers  Computing  Initiative 


LOW-HANGING  FRUIT 
FOR  TODAY  AND 
STRETCH  GOALS 
FOR  TOMORROW, 
TO  SAVE  YOU  GREEN 
BY  GOING  GREEN. 


C0MPUTERW0RLD  19 


LEANER. 

MEANER. 

GREENER. 


■  Enterprise  Data  .Center’ 


:osts.  Busks 
■  highly  efficier 


i  SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 


Z  Technology  can  eliminate  a  lot  c 
daily  commuting  and  travel  re¬ 
quirements.  But  IT  must  provide 
the  right  tools,  from  at-home  networkin) 
capabilities  to  audioconferencing  and 

At  BT  Group,  those  tools  allow 
about  10%  of  employees  to  work  frill 


ible  work  arrangements,  Young  says. 
The  company  also  has  invested  in 
technologies  for  virtual  meetings  and 
collaboration,  reducing  the  need  for 
employees  to  travel  between  sites. 

Young  says  these  initiatives  have 
prevented  the  production  of 97,600  ton; 
of  carbon  dioxide  that  commuting  and 
traveling  would  have  generated.  (Com¬ 
pany  studies  have  also  shown  that  the 
initiatives  increased  productivity  by 
21%  and  reduced  sick  time  by  63%.) 


dors  provide  more  details  about  their 
products'  environmental  impact  and 
energy  requirements,  and  the  federal 
Energy  Star  efficiency  rating  system 
now  applies  to  computer  equipment. 

Stretch  Goals 

1  Orta  batter  grip  on 
data  canter  demands. 

It’s  no  secret  that  data  center 
cooling  gobbles  up  energy.  Ac¬ 
cording  the  federal  Data  Center  Energy 
Efficiency  Program,  data  centers  used 
61  billion  kWh  of  electricity  in  2006 


—  in  dollars,  not  just  kilowatt-hours 

—  if  you  want  to  sell  this  initiative  to 
the  finance  people. 

Make  sure  you're  combining  new 
purchases  with  other  energy-reducing 
and  environmentally  friendly  initia¬ 
tives,  Blanchard  says.  For  example, 
don’t  just  replace  an  old  server  with  a 
newer  model.  Though  you’ll  see  savings 
from  the  exchange,  you’ll  maximize  the 
return  on  your  new  equipment  if  it’s 
part  of  say,  a  virtualization  project. 


jZ  In  a  typical  data  center,  no 
1  one  knows  what  10%  to  14%  of 
the  servers  are  doing,  so  keep¬ 
ing  better  track  of  your  assets  and 
curbing  unnecessary  use  can  yield 
good  savings,  says  Winston  Bumpus, 


C0MPUTERW0R10 


earned  Leadership  in  Energy  Efficient 
Design  (LEED)  certification  for  the 
40,000-square-foot  facility. 

This  provides  more  than  bragging 
rights.  The  new  data  center  requires 


tionally  designed  one. 

Showers.  The  design  incorporated 
energy-efficient  elements  such  as  natu¬ 
ral  light  and  multiple  cooling  options 
(including  the  use  of  naturally  chilled 
outdoor  air  when  possible).  In  addition, 
10%  of  the  data  center's  power  supply 
comes  from  renewable  power  sources. 

Showers  says  it  took  time  and  plan¬ 
ning  to  get  to  this  point.  For  instance, 
the  company  had  to  consolidate  applica¬ 
tions  over  the  past  decade  so  all  world¬ 
wide  transactions  would  flow  through 
the  Creve  Coeur  site.  And  the  decision 
to  pay  the  extra  costs  —  just  under  5% 
of  the  $21  million  total  —  for  the  LEED- 
level  data  center  wasn’t  taken  lightly. 

“But  there  was  a  sense  that  this  was 
the  right  thing  to  do.  We're  an  agri- 


Companies  also  need  to  determine 
how  much  energy  is  used  while  serv¬ 
ers  are  idle,  he  says,  noting  that  most 
idle  servers  tend  to  consume  60%  of 
the  power  required  for  peak  work¬ 
load  Such  figures  give  you  a  baseline 
against  which  to  set  goals  and  judge 
progress. 

As  organizations  get  a  better  handle 
on  data  center  efficiency  and  de¬ 
velop  best  practices  and  standards  for 
achieving  it,  they  can  move  to  the  next 
step,  according  to  The  Green  Grid's 
Vertal  and  Bumpus. 

That  entails  using  tools  that  dynami¬ 
cally  manage  the  data  center,  mov- 


>  workloads  around  (maybe  even 
other  geographic  sites),  powering 
wn  machines  that  aren’t  needed  and 
tomatically  bringing  up  machines 


cooled  server  racks  for  data  centers 
and  improvements  in  virtualization 
technology.  And  they  should  try  green¬ 
er  options  when  available. 

Marriott  did.  Its  new  Recovery  and 
Development  Center  will  be  sited  in 
Iron  Mountain  Inc.'s  145-acre  under¬ 
ground  facility  in  a  naturally  cooled 
limestone  cave  in  western  Pennsyl¬ 
vania.  “We're  trying  to  do  as  much  as 
we  can  with  the  natural  resources," 
Blanchard  says. 

Blanchard  acknowledges  that  ma¬ 
jor  steps  like  that  require  fairly  large 
investments  of  time  and  money,  as 
well  as  a  pioneering  spirit  But  he  says 
companies  need  to  embrace  the  next 
generation  of  technology  if  they  want 


to  build  greener  operations.  ■ 

Pratt  is  a  Computerworld  contributing 
writer  in  Waltham,  Mass.  Contact  her  c 
marykpratt@verizon.net 


COMPUTERWORLD 


i 


UUI 

3V 

m 

302. 

Q4. 

hi 

Companies  spend  millions  of  dollars  on  energy  to  store  their  information,  A  problem  that 
is  only  getting  worse-for  IT  budgets  and  for  the  planet.  IBM  has  a  broad  range  of  information 
management  solutions  to  help  companies  use  their  information  more  strategically  and 
efficiently.  From  deep  data  compression  capabilities  that  reduce  storage  requirements  by 
up  to  80%  to  smart  archiving  that  improves  application  performance,  Information  on  Demand 
helps  companies  extract  real  business  value  from  their  information  without  wasting  money 
and  energy.  A  greener  world  starts  with  greener  business.  Greenerbusiness  starts  with  IBM. 

SYSTEMS.  SOFTWARE.  SERVICES.  FOR  A  GREENER  WORLD. 

Learn  how  to  do  more  with  less.  Get  the  eBook  at  ibm.com/green/data 

Here’s  how  to 
move  forward 
while  keeping 
your  feet  on 
the  ground. 

By  Joaquin 
Gamboa  and 
Marc  Lindsey 

f 1 HE  PROMISE  of  moving 
I  your  company’s  software 
!  and  data  systems  into  the 
I  cloud  grows  more  enticing 
JL  by  the  day.  Virtualization, 


Clotid-enabling 
Your  Software 
Licenses 


licensing  proprietary  software,  with  vir¬ 
tualization  and  grid  computing  in  mind. 

Unlike  in  a  typical  computing  envi¬ 
ronment,  virtualization,  coupled  with 


tion  of  operating  systems,  middleware, 
data  stores  and  application  software 
from  the  limitations  of  physical  ma¬ 
chines  and  the  local-area  network.  This 
new  world  is  colliding  with  traditional 
vendor  licensing  practices,  producing 
software  compliance  nightmares  for 
both  licensees  and  licensors,  and  often 
resulting  in  irrational  license  fees. 

LEGACY  LICENSING  PRACTICE 


these  three  categories: 

»The  CPU  license  is  typical  for  oper¬ 
ating  system  software,  middleware  and 
some  application  software.  It  enables 
licensees  to  use  the  software  on  one 

Continued  on  page  28 


21  COMPUTERWORLD  SEPTEMBERS,: 


The  more  you  have  to  store, 
the  more  reliability  matters. 

Fujitsu  ETERNUS  Storage  Systems:  Uncompromising 
reliability  for  your  most  demanding  applications. 


To  help  enterprises  manage  the  flood  of  mission-critical  data,  Fujitsu  ETERNUS  Storage  Systems  deliver  the 
reliability  and  availability  data  centers  require.  For  continuous  data  access  and  easier  maintenance,  major 
components  are  redundant  and  hot-swappable.  The  controller  modules’  software  can  also  be  upgraded 
without  shutting  down  or  rebooting.  A  built-in  statistical  failover  mechanism  ensures  stable  operation  by  disabling 
components  exhibiting  intermittent  failures.  Furthermore,  disk  data  encryption  using  1 28-bit  AES  provides  security 
against  data  theft.  The  ETERNUS  Storage  Systems  range  from  the  new,  low-cost  ETERNUS  2000,  designed  for 
small  and  medium  businesses;  to  the  ETERNUS  8000  designed  for  large  enterprise  applications  and  is  available 
with  up  to  2  F>B  of  storage.  Go  to  us.fujitsu.com/computers/reliablestorage  for  more  information. 


Fujfrsu 


E  POSSIBILITIES  ARE  I  I F  I  I  I  T  E 


ENTERPRISES  OFTEN  license  critical 
software  on  a  perpetual  basis  by  pay¬ 
ing  a  one-time  upfront  fee  in  exchange 
for  the  right  to  use  the  licensed  soft¬ 
ware  indefinitely  under  the  terms  and 
conditions  of  a  license  agreement.  In 
recent  years,  an  alternative  licens¬ 
ing  approach  known  as  software  as 
a  service  has  offered  enterprises  an 
attractive  alternative  for  certain  types 
of  software. 

SaaS  is  attractive  because  it  entirely 
shifts  the  burden  of  running  and  main- 


Continued  from  page  26 
machine  and  often  identifies  specific 
compatible-equipment  configurations. 
Any  equipment  configuration  limita¬ 
tion  is  generally  based  on  design,  not 
license  compliance.  For  some  software 
(for  example,  certain  middleware  serv¬ 
er  software),  the  licensed  product  may 
support  alternative  or  enhanced  server 
configurations,  but  separate  license  en¬ 
titlements  must  be  purchased. 

Under  a  CPU  license,  the  fee  may 
vary  based  on  the  processing  power 
of  the  designated  CPU.  The  number  of 
users  who  access  the  licensed  software 

The  biggest  problem  with  CPU 
licenses  in  a  grid  or  cloud  context  is 
that  licensors  expect  licensees  to  buy 


a  particular  application.  With  SaaS. 
users  only  need  the  infrastructure  to 
access  and  connect  to  the  provider's 
data  center. 

Despite  its  simplicity  and  attractive 
pay-as-you-go  monthly  pricing,  there 
is  little  evidence  that  SaaS  will  com¬ 
pletely  replace  perpetually  licensed 
software  in  the  enterprise.  Conse¬ 
quently,  enterprises  will,  at  least  for 
some  software,  continue  to  work  with¬ 
in  the  confines  of  a  perpetual  license 
construct  for  the  foreseeable  future. 

-  JOAQUIN  GAMBOA  AND  MARC  LINDSEY 


poorly  with  actual  use.  There  may  be 
a  significant  number  of  potential  users 
who  rarely  or  never  actually  use  the 
software.  Worse,  some  licenses  define 
a  chargeable  seat  as  an  instance  of  a 
user  accessing  the  software  from  a  par¬ 
ticular  machine  (virtual  or  otherwise). 
Consequently,  a  single  user  or  device 
can  give  rise  to  multiple  seats  —  caus¬ 
ing  the  licensee  to  pay  multiple  times 
for  use  by  one  individual  or  device. 

The  second  method  determines  the 
license  fee  by  calculating  the  total 
number  of  concurrent  users  permit¬ 
ted  to  access  the  software  at  one  time. 
This  more  closely  corresponds  to  li¬ 
censee  use  patterns  than  the  total-seat 
license  because  occasional  users  can 
be  discounted  when  determining  how 


since  a  few  administrative  users  can 
serve  as  transaction  conduits. 

»The  enterprise  or  site  license  allows 
the  licensee  to  use  the  software  with¬ 
out  geographic  limitations,  specific 
limits  on  the  number  of  users  or  de¬ 
vices  accessing  the  software,  arbitrary 
processor  accounting  rules,  or  prohibi¬ 
tions  on  the  number  of  copies  made 
or  used  by  the  licensee.  There  may  be 
restrictions  on  the  types  or  configura¬ 
tion  of  the  equipment  on  which  the 
software  may  be  installed,  as  well  as 
some  business  operation  boundaries. 

The  site  license  is  a  variant  that 
restricts  to  a  specific  site  either  the 
installation  or  the  location  from  which 
users  can  access  the  software.  Each  ad¬ 
ditional  site  requires  a  new  license. 

Large  companies  regularly  negotiate 
long-term  custom  enterprise  and  site 
licenses.  These  require  lengthy  nego¬ 
tiations  and  large  lump-sum  payments 
to  the  licensor.  Given  the  cost  and  ne¬ 
gotiation  leverage  necessary  to  make 
this  strategy  work,  enterprise  and  site 
licenses  are  often  impractical. 

THE  PATH  FORWARD: 

THE  TRANSACTIONS  LICENSE 

There's  another,  better  licensing  struc¬ 
ture  that  fairly  balances  the  interests 
of  licensors  and  licensees:  a  transac¬ 
tions  license.  This  embraces  some  of 
the  elements  of  an  enterprise  license, 
but  it  is  adapted  to  serve  organizations 
of  all  sizes. 

Applying  a  transactions  license,  the 


■  IT  MENTOR 


Continued  from  page  26 
machine  and  often  identifies  specific 
compatible-equipment  configurations. 
Any  equipment  configuration  limita¬ 
tion  is  generally  based  on  design,  not 
license  compliance.  For  some  software 
(for  example,  certain  middleware  serv¬ 
er  software),  the  licensed  product  may 
support  alternative  or  enhanced  server 
configurations,  but  separate  license  en- 


poorly  with  actual  use.  There  may  be 
a  significant  number  of  potential  users 
who  rarely  or  never  actually  use  the 
software.  Worse,  some  licenses  define 
a  chargeable  seat  as  an  instance  of  a 
user  accessing  the  software  from  a  par¬ 
ticular  machine  (virtual  or  otherwise). 
Consequently,  a  single  user  or  device 
can  give  rise  to  multiple  seats  —  caus¬ 
ing  the  licensee  to  pay  multiple  times 


for  back-office  or  middleware  software, 
since  a  few  administrative  users  can 
serve  as  transaction  conduits. 

»The  enterprise  or  site  license  allows 
the  licensee  to  use  the  software  with- 


limits  on  the  number  of  users  or  de¬ 
vices  accessing  the  software,  arbitrary 
processor  accounting  rules,  or  prohibi¬ 
tions  on  the  number  of  copies  made 
or  used  by  the  licensee.  There  may  be 
restrictions  on  the  types  or  configura¬ 
tion  of  the  equipment  on  which  the 
software  may  be  installed,  as  well  as 
some  business  operation  boundaries. 

The  site  license  is  a  variant  that 
restricts  to  a  specific  site  either  the 
installation  or  the  location  from  which 
users  can  access  the  software.  Each  ad¬ 
ditional  site  requires  a  new  license. 

Large  companies  regularly  negotiate 
long-term  custom  enterprise  and  site 
licenses.  These  require  lengthy  nego¬ 
tiations  and  large  lump-sum  payments 
to  the  licensor.  Given  the  cost  and  ne¬ 
gotiation  leverage  necessary  to  make 
this  strategy  work,  enterprise  and  site 
licenses  are  often  impractical. 

THE  PATH  FORWARD: 


plication  at  any  one  time.  Whether  the 
users  operate  one  or  more  physical  or 
virtual  machines  shouldn’t  matter. 

This  can  be  an  imperfect  indicator  of 
usage  patterns,  however,  because  not 
all  users  are  equal.  A  company  that  has 
many  power  users  would  pay  the  same 
fee  as  a  company  with  an  equal  number 
of  users  whose  usage  is  average.  And 
from  the  licensor’s  perspective,  the 
concurrent-user  model  is  undesirable 


volume  is  within  a  preset  range,  there  is 
no  need  to  purchase  additional  license 
entitlements  or  receive  underutilization 
credits.  The  transaction  limits  can  be 
tailored  as  narrowly  or  as  broadly  as 
the  licensees  and  licensors  agree. 

To  keep  track  of  transaction  vol¬ 
umes,  the  licensed  software  can  be 
enabled  with  software  agents  that 
monitor  and  report  on  the  transaction 
Continued  on  page  30 


Enabling  the  Revolution 


■  IT  MENTOR 


Standards 
And  Data  1 
A  Cloud  Er 

Hare  are  some  other 
important  issues  to 

.Security  IKsst:? 

J|‘  _  ■_  ;  mitment  it’s  willing  to  make. 

lanaiing  111  :  •»  update  the  software's 

■  ^  !  security  throughout  the  term 

vironmeirt 

|  software's  security  design 
ment,  the  more  you  will  be  |  and  mechanisms  with  the 
locked  into  that  specific  ;  other  components  of  your 

that  data.  Before  you  put 
your  data  in  the  hands  of 
a  vendor,  demand  that  the 
vendor  demonstrate  its  data 
protection  and  business 
continuity  capabilities.  And 
when  you  decide  to  move 
forward,  make  sure  that 
your  negotiated  agreement 
is  explicit  about  the  vendor's 
ongoing  obligations  to  pro- 

a  cloud  vendor  or 
services  provider; 

SECURITY  I  cloud  manager  or  provider. 

tect  your  data  and  holds  the 
vendor  liable  for  failure  to 

STANDARDS 

Whether  you're  running  your 

someone  etee's,  you'll  want 
to  ensure  that  your  early 
investments  in  virtualization 
are  good  for  the  long  haul.  To 
the  extent  possible,  get  as¬ 
surances  from  your  vendors 
and  cloud  providers  (hot 

occur  in  a  virtualized  envi-  j  cal  and  logical  security  prac- 
ronment  for  various  reasons  ;  tices,  processes  and  man- 
(e.g„  design  defects,  poor  ;  agement  approaches,  and  its 
patch/update  management,  1  willingness  to  comply  with 
ineffectual  authentica-  !  your  security  policies  and 

tion  controls,  storage  and  j  procedures.  Your  negoti- 
transmission  of  sensitive  ;  ated  agreement  with  a  cloud 

data  without  encryption,  and  ;  manager  or  provider  should 
inadequate  procedures  for  j  do  the  following; 

ff  your  company  operates 
internationally  or  in  certain 
industries  in  the  U.S.(e.g„ 
financial  services  or  health 
care),  your  negotiated 
agreement  should  require 
the  vendor  to  comply  with 
applicable  date-protection 
and  privacy  laws. 

the  systems  you’re  buying 
are  standards-based,  will 

you  intend  to  adopt  as  part 

reporting  and  mitigation).  To  j  riodic  security  assessments, 
increase  the  likelihood  that  ;  ■  Assign  responsibility  for 
your  virtualized  environment  ;  security  incident  detection, 
will  bo  sufficiently  secure,  [  reporting,  response  end 

should  also  do  the  following: 

■  Incorporate  the  relevant 
portions  of  your  privacy  poll- 

of  your  technology  strategy, 
and  are  able  to  grow  with 
your  business  -  both  In  terms 
of  capacity  and  complexity. 

make  security  one  of  the  j  mitigation, 

determining  factors  in  the  j  ■  Include  a  process  for  man- 
evaluation  and  selection  of  ;  agement  escalation  of  unre- 
both  software  and  services  ;  solved  security  problems. 

to  conform  to  them. 

■  State  that  your  company 
owns  its  data,  has  access  to 
that  data  at  its  discretion, 

eise's  cloud,  make  sure  that 
you're  not  creating  an  exten¬ 
sive  set  of  APIs  or  function 
calls  that  are  proprietary 
to  that  cloud  provider.  The 
greater  your  investment  In 
your  virtualized  environ- 

In  your  evaluation  of  soft-  i  DATA  HANDLING 
ware  vendors,  consider  the  i  Protecting  sensitive  cor- 
following  factors;  j  porate  and  customer  data 

■  The  relative  importance  ;  should  be  a  priority  If  you're 
that  the  vendor  has  placed  ;  considering  a  virtualized 
on  security  in  its  design  of  !  environment  that  enables  a 
the  software.  !  vendor  to  manage  or  store 

and  will  receive  the  data 
upon  the  expiration  or  termi¬ 
nation  of  the  agreement. 

■  Describe  the  parties' re¬ 
sponsibilities  when  it  comes 
to  recovering  lost  data. 

-JOAQUIN  GAMBOA  AND 

MARC  LINDSEY 

Continued  from  page  28 
volume  during  the  appropriate  mea¬ 
surement  period.  (Annually  makes  the 
most  sense.  It  accounts  for  seasonality 
and  avoids  introducing  too  many  bur¬ 
densome  electronic  audits.) 

Determining  which  transactions  for 
a  given  piece  of  software  will  be  relied 
on  for  pricing  and  then  developing 
reliable  monitoring  agents  are  among 
the  technical  challenges  transactions 
licenses  present  Forward-thinking 
licensors  should  be  motivated  to  over¬ 
come  these  challenges,  however,  be¬ 
cause  the  rewards  are  worth  the  effort 


Licensors  will  be  able  to  offer  many 
of  their  potential  customers  a  more  ra¬ 
tional  pricing  option  that  doesn’t  force 
them  to  purchase  more  license  entitle¬ 
ment  rights  than  they  actually  use 
initially  and  allows  them  to  purchase 
more  as  needed.  Because  licensees 
won’t  feel  cheated  by  the  licensor,  more 
will  resist  the  temptation  to  abuse  their 
license  rights.  Licensors  that  evolve 
their  software  designs  and  license 
practice  to  keep  pace  with  the  virtual¬ 
ization  and  grid  computing  technolo¬ 
gies  will  have  a  competitive  advantage. 

The  promises  of  virtualization  and 


cloud  computing  are  tempting  But 
when  moving  forward  with  virtualiza¬ 
tion,  make  sure  your  head  is  not  lost  in 
the  clouds.  You  should  be  clear  about 
what  you're  getting  yourself  into.  Iden¬ 
tify  the  real  costs,  pin  down  the  scope 
of  your  use  rights,  put  protections  in 
place  in  case  things  don’t  go  as  planned, 
and  lay  a  strong  licensing  foundation 
that  will  serve  you  in  the  future.  ■ 
Qamboa  and  Undsey  are  partners  at 
Washington  law  firm  Levine,  Blaszak, 
Block  &  Boothby  LLP  (wwwJb31aw. 
com).  Contact  them  at  jgamboa@ 
lb3law.com  and  mlindsey@lb3law.com. 


SO  COMPUTERWORLO  SEPTEMBER  8, 2008 


Evolve  your  telephony  with  software  and  leave  the  PBX  in  place. 


Microsoft 


■  SOFTWARE 


er  service  and  a  member  of 
the  original  cross-functional 
team.  "What  we  did  is  roll 
up  our  sleeves  and  plow 

ographies.  Before,  they  had 
separate  accounts,”  Bianchi 
explains.  “Now,  if  a  cus¬ 
tomer  in  California  wants 

through  all  of  these  custom¬ 
er  interactions.  We  looked 
for  the  simplest  and  most 
efficient  processes  and  then 

asked  IT  to  automate  those 

to  add  a  parent  in  Florida  to 
his  account,  we  can  do  that 
very  simply  and  straightfor 
wardly.  It’s  the  same  with  a 
business  that  may  need  to 

Creating  a  single  billing 
system  from  13  saves  Verizon 
Wireless  $20  million 
annually.  By  Julia  King 

■  ■  1  optimizing  the  hundreds  of 

“The  whole  thinking  was 
that  less  is  more,”  Waghray 
emphasizes.  “That  means 
fewer  applications  to  man¬ 
age,  fewer  rules  of  engage¬ 
ment,  fewer  touch  points  for 
customers.” 

PULLIN0  IN  THE  DATA 

change  accounts  for  people 
as  they  are  moved  around 
the  country.  We’re  hitting 
the  sweet  spot  of  what  cus¬ 
tomers  are  asking  for,  whicl 
is  for  us  to  be  simple  to  do 
business  with.” 

Verizon  Wireless  is  more 
than  likely  saving  its  cus¬ 
tomers  time  and  money  as 

Ajay  Waghray,  CIO 
IT  STAFFERS:  2,394 
OJECT  PAYBACK: 
0  million  annually 


■  ■  ■  the  IT  philosophy 

in  operation  at 
Verizon  Wireless. 
In  fact,  the  telecommuni¬ 
cations  company's  2008 
Premier  100  Best  in  Class 
project  was  a  study  in  the 
benefits  of  slimming  down. 
By  consolidating  13  billing 
systems  into  a  single  enter¬ 
prise  system,  the  company 
is  now  saving  $20  million 


keepers  of  all  the  custom 
data  and  rules  of  engage¬ 
ment.  To  simplify  the  cut 
tomer  experience,  you've 


sembling  a  cross-functional 
team  whose  members  rep¬ 
resented  every  step  in  a 
customer’s  experience, 
from  marketing  and  sales  to 

operations  and  support. 

The  deadline  was  tight: 

18  months  to  standardize 
and  implement  a  single  set 
of  business  processes  that 
would  ultimately  make  it 
possible  to  ensure  that  every 
customer  who  walked  into 
one  of  the  company’s  2,400 
stores  would  walk  out  with 
an  activated,  ready-to-use 
wireless  phone. 


Waghray  says,  the  IT  team 
adopted  a  standard  format 
for  importing  data  from  the 
13  different  systems  into  the 


mainframe  platforms. 

Today,  this  single  billing 
system  is  the  primary  reposi¬ 
tory  for  all  customer,  pricing 
and  service  package  data  —  a 
setup  that  works  to  create 
consistency  across  all  of  the 
company’s  service  areas. 

“For  example,  we  have 
both  business  and  consumer 


that  approximately  10%  of 
carriers’  bills  have  errors, 
many  caused  by  inconsis¬ 
tent  systems.  This  is  dif¬ 
ficult  to  monitor,  so  corporate 


reporting  errors. 

According  to  Redman, 
“Eliminating  the  chance 
for  errors  by  consolidating 
billing  systems  improves 
accuracy,  creates  higher 


N.J.,  company,  neither  data  and  policies.  We  had  differ- 


nor  systems  integration 
proved  to  be  the  biggest 
challenge  in  the  project.  In¬ 
stead,  it  was  innovating  and 


ent  systems,  which  spawned 
different  approaches  to  busi¬ 
ness  problems,”  recalls  John 
Bianchi,  director  of  custom- 


Mfhe  whole  think¬ 
ing  was  that  less  i 


■  ■■ing  was  that  less  is 
more.  That  means  fewer 
applications  to  manage, 
fewer  rules  of  engagement, 
fewer  touch  points  for  customers. 

AJAY  WAGHRAY.  CIO.  VERIZON  WIRELESS 


C0MPUTERW0RLD  SEPTEMBER  8. . 


SunGard  Availability  Services  help  your  business  move  forward  with 
the  most  advanced  and  widest  choice  of  information  availability  options 
in  the  industry 


From  virtualization  to  hot  sites  to  replication  and  vaulting— SunGard  Availability  Services 
does  it  all.  And  it's  all  we  do.  That  kind  of  focus  helps  ensure  high  availability  of  data, 
applications  and  systems  and  fits  your  needs  and  budget  precisely. 

When  we  partner  with  you.  you  worry  less  about  the  road  ahead.  Here's  why: 
a  track  record  of  100%  successful  recoveries;  over  60  facilities  with  redundant 
power  connected  to  SunGard’s  secure  global  network;  and  more  than  20,000  end- 
user  positions  in  facilities  across  North  America  and  Europe.  SunGard  Availability 
Services— the  information  availability  solution  for  businesses  that  must  run  non-stop. 
Keep  moving,  call  1-800-468-7483  or  visit  www.availability.sungard.com. 

SUNGARD*' 

Availability  Services  I  Connected? 


■  CAREERS 


How 

To  Save 
Ybur  Job 


Your  intuitive 
response  to  a 
layoff  threat 
may  be  exactly 
wrong. 


The  smell  of  fear  is  getting 
stronger  as  the  "R"  word  pops 
up  more  frequently  in  busi¬ 
ness  discussions  and  layoffs 
loom  in  many  companies.  In 
this  month’s  Harvard  Busi¬ 
ness  Review,  Janet  Banks 
and  Diane  Coutu  assert  that 
workers  who  feel  that  their 
jobs  are  threatened  often 
react  in  exactly  the  wrong 
way.  Banks,  a  former  execu¬ 
tive  at  FleetBoston  Financial 
and  Chase  Manhattan  Bank 
who  is  currently  doing  small 
group  facilitation  work  for 
nonprofit  companies,  told 
Kathleen  Melymuka  that 
your  best  strategy  may  not  be 
the  one  that’s  intuitive. 

If  I'm  an  rr  professional, 
what's  the  single  most  im¬ 
portant  thing  I  can  do  to  keep 
my  fob  when  layoffs  seem  to 
be  looming  at  my  company? 

I’d  love  to  say  it’s  your  work 
on  relevant  projects,  but  at¬ 
titude  is  probably  the  single 
biggest  thing  you  can  con¬ 
trol,  and  it  will  impact  how 
you  perceive  yourself  and 
how  others  perceive  you. 

It’s  much  easier  to  deselect 


a  sour,  negative  person  than 
someone  who  is  construc¬ 
tive  and  creative. 

I  don’t  want  to  pigeonhole 
people,  but  tech  work  often 
attracts  introverted  people. 
And  most  business  people 


are  extroverts,  so  they  are 
not  going  to  know  how  an 
introvert  is  thinking.  So  you 
need  to  take  risks  and  put 
yourself  out  [there]  more 
offering  constructive  ideas. 

Many  people  hunker  down  and 
keep  a  low  profile  when  layoffs 

to  be  to  do  jut  the  opposite. 

Hunkering  down  is  an  illu¬ 
sion.  You  have  the  payroll 
sheet  with  everybody's 
name  on  it.  Nobody  is  invis¬ 
ible,  and  you  can't  hide.  Ev¬ 
erything  is  being  assessed: 
every  project,  every  person. 
And  if  you’re  not  visible  in  a 
positive  way,  it’s  easy  to  say, 
“I  won’t  miss  him.” 

You  write  that  H’e  also  valu¬ 
able  to  be  ambidextrous.  What 
doss  that  mean  for  an  IT  pro¬ 
fessional?  The  ability  to  play 
multiple  roles.  For  me,  the 
most  important  would  be  a 
capacity  to  identify  with  the 
business  as  opposed  to  just 
the  tech  role.  In  companies 
I’ve  worked  with,  there  have 
been  terrific  examples  of 
people  in  IT  who  really  be¬ 
came  business  leaders.  Art 
Ryan  at  Chase  came  from 
that  world  and  became  CEO. 
But  he  was  always  identified 
with  how  to  make  the  busi¬ 
ness  more  profitable.  That’s 
a  [mind-set]. 

You  stress  the  Importance 
of  showing  empathy  for  your 
leaders,  even  if  they  may  be 

does  that  differ  from  suck¬ 
ing  up?  The  people  who  do 
it  well  do  it  from  an  hon¬ 
est  effort  to  be  supportive 
to  their  boss,  and  it  starts 
with  having  a  relationship 
that  is  built  on  trust  so  you 
can  give  honest  feedback. 
You  can’t  manufacture  that 
in  a  crisis;  it’s  something 
you  need  to  be  working  on 
whether  you’re  worried 
about  your  job  or  not. 


PlanB 

No  job  protection  plan 
is  foolproof.  As  you  do 
what  you  can  to  keep 
your  Job,  it's  wise  to 
also  prepare  for  the 
worst.  Here  are  soma 
things  you  can  do  now: 

■  Determine  what 
you're  good  at  and  what 
you  enjoy  most. 

■  Revisit  Myers-Briggs 
or  other  tests  you've 
taken  over  the  years 
to  gain  a  better  un¬ 
derstanding  of  your 
strengths  and  woak- 


■  Update  your  resumi. 


■  Consider  a  creative 
leap  to  a  different 
kind  of  job. 


Kissing  up  is  when  people 
hear  you  talking  out  of  two 
sides  of  your  mouth.  You  say 
one  thing  to  the  boss  and 
another  around  the  water 
cooler.  You  can’t  do  that 
Phony  behavior  is  spotted  a 
mile  away,  so  the  empathy 
has  to  come  from  your  au¬ 
thentic  self. 


What  makes  you  think  this  ap- 
proach  to  helping  people  save 
their  jobs  erii  work?  There’s 


no  guarantee  that  any  ap¬ 
proach  will  work.  Some¬ 
times  it’s  not  personal  at  all: 
If  a  project  is  gone,  you’re 
gone.  Sometimes  there’s 
nothing  you  can  do  about  it. 
But  at  end  of  the  day,  how  do 
you  want  to  feel  about  your¬ 
self?  Did  you  give  it  your 
best?* 


COMPUTERWORLD  SEPTEMBER  8.  2008 


L  Attend  our  IT  Management  Summit  on  Enterprise  Search 
in  one  of  the  following  cities: 

Dallas,  Texas 

Tuesday,  September  23, 2008, 8:45am  to  Noon,  Sheraton  Dallas  Hotel 

Complimentary  registration  available  at:  www.itmanagementsummit.com/registration/dallas 

— -  Seattle,  Washington 

Thursday,  September  25,  2008, 8:45am  to  Noon,  The  Fairmont  Olympic  Hotel 

Complimentary  registration  available  at:  www.itmanagementsummit.com/registration/seattle 

New  York,  New  York  - - 

Thursday,  October  2,  2008, 8:45am  to  Noon,  The  Hilton  New  York 

Complimentary  registration  available  at:  www.itmanagementsummit.com/registration/newyork 


For  additional  information  visit  www.itmanagementsummit.com 
or  contact  Christina  DeAvila  at  508-820-8208. 


I COMPUTERWORLD 

I  IT  MANA6EMENT  SUMMIT 

UrmPHSESURCH 


■  SECURITY  MANAGER’S  JOURNAL  >  J.F.  RICE 


Building  a  Security 
Org  From  Scratch 

Coming  in  as  the  security  guru  in  a  com¬ 
pany  with  no  infosec  program  at  all  is  an 
opportunity.  Doing  it  twice  is  even  better. 


I  have  THE  rare  good 
fortune  of  being  in 
a  position  to  help 
build  an  information 
security  organiza¬ 
tion  from  scratch.  I’m  es¬ 
pecially  lucky  because  I’ve 
done  it  before. 

At  my  previous  job,  I 
spent  six  years  building 
an  information  security 
program  where  none  had 
existed.  How  many  of  us 
get  to  do  that? 

It  may  sound  daunting, 
but  let  me  tell  you,  it  was 
immensely  rewarding.  I 
was  able  to  start  with  a 
clean  slate,  building  a 
mature  security  environ¬ 
ment  without  the  distrac¬ 
tion  of  dealing  with  any 
existing  processes  or  in¬ 
frastructure. 

This  time  around,  I  have 
experience  to  lean  on.  For 
example,  I  learned  in  my 
old  job  that  one  of  the  big¬ 
gest  challenges  to  success 
is  negativity,  so  I’m  trying 
to  head  off  resistance  and 
negative  attitudes  while 
racking  up  some  signifi¬ 
cant,  visible  wins  early  oa 
Security  efforts  can't  bear 
fruit  without  the  coopera¬ 
tion  of  a  large  number  of 
people  from  organizations 
all  across  the  enterprise. 


each  of  which  has  its  own 
priorities  far  removed 
from  what  I  want  to  ac¬ 
complish. 

Dealing  with  software 
vulnerabilities  is  my  first 
big  challenge  in  this  com¬ 
pany.  Determining  which 
systems  need  patching 
and  then  following  up 
with  the  patches  them¬ 
selves  isn’t  very  difficult, 
of  course.  The  challenge 
arises  because  I  don't  have 

the  authority  to  command 

that  this  be  done.  Instead, 

I  need  to  convince  various 
departments'  technical 
specialists  and  business 
owners  how  important  it  is 
to  patch  the  systems  they 
rely  on,  and  make  it  clear 
why  they  should  spend  a 
significant  amount  of  time 
and  money  to  make  this 
happen.  I’m  sure  you've 
seen  this  before  —  the  se¬ 
curity  guru  who  is  respon- 


I  I’m  sure  you’ve 
seen  this  before 
-fhe  security  guru 
who  is  responsible 
for  fixing  a  prob¬ 
lem  but  lacks  the 
authority  to  go  out 
ana  paten. 


sible  for  fixing  a  problem 
but  lacks  the  authority  to 
go  out  and  patch. 

So  this  week,  I  took  the 
security  show  on  the  road. 
I’ve  elected  to  put  myself 
out  in  front  of  the  people 
who  need  to  support  and 
fund  this  effort  and  help 
them  understand  what 
needs  to  be  done  and  why. 

Taking  a  top-down  ap¬ 
proach,  I  spent  this  week 
meeting  with  six  senior 
managers  of  various  busi¬ 
ness  units.  These  are 
the  people  who  should 
be  demanding  that  their 
systems  be  patched  regu¬ 
larly,  so  I’m  raising  their 
awareness  of  the  need  for 
vulnerability  management, 
showing  them  reports  on 
the  security  health  of  their 
systems  and  helping  them 
understand  the  risks  as¬ 
sociated  with  unpatched 

PATCH  CATCH-UP 

We  have  a  lot  of  catching 
up  to  do  because  most 
of  our  critical  systems 
(yes,  even  the  Internet¬ 
facing  ones)  haven’t  been 
patched  at  all  in  years.  So 
right  now,  although  I’m 
focused  on  catching  up, 
it’s  going  to  be  just  as  im- 


36  COMPUTERWORLD  SEPTEMBER  8. 2008 


Trouble 

Ticket 

AT  ISSUE:  Most  of 
this  company’s  critical 
systems  haven't  been 
patched  in  years. 
ACTION  PLAN:  Get 
cooperation  from  various 
departments  by  educat¬ 
ing  and  informing,  not 
threatening. 


portant  to  implement 
a  regular  patching  cycle 
so  that  we  never  fall  be¬ 
hind  again. 

I’ve  had  great  results 
so  far  with  my  education- 
and-advocacy  tour.  I’m 
trying  to  keep  my  mes¬ 
sage  positive,  stressing  the 
benefits,  improvements 
and  returns  to  be  gained 
with  regular  patching, 
while  avoiding  the  use  of 
FUD  to  scare  people  into 
submission.  Even  though 
I  could  tell  them  plenty 
of  stories  about  how  our 
systems  are  being  con¬ 
stantly  attacked,  I’ve  seen 
no  need  to  take  that  route. 
In  fact,  people  have  been 
suggesting  that  we  patch 


can,  applications  included, 
but  my  focus  right  now 
is  on  patching  the  basic 
operating  systems  and  not 
the  applications  that  run 


turning  up  the  O  JOIN  IN 
throttle  too 

quickly  and  bit-  .  ameuunmU. 
ing  off  more  than 


can  chew  right  now.  One 
battle  at  a  time,  please. 

I  know  from  experience 
that  we  have  a  long  road  to 
travel,  and  I’m  settling  in 
for  the  long  haul.  ■ 

This  week’s  journal  is 
written  by  a  real  security 


name  and  employer  have 
been  disguised  for  obvious 
reasons.  Contact  him  at 
jf.rice@engineer.com. 


®  RELEVANT 


O  INFORMATIVE 


®  STREAMING 


into  the  hot  topics  of  today  from 
i- in  their  own  words.  From  business 
Itowlreless  technologies,  webcasts 
IriprkLcom  bring  every  important 


Check  out  some  of  the  latest  webcasts  at  Computerworld.con 

•  Gain  a  Faster.  Cheaper  Way  to  Manage  Workload 

•  Why  SaaS  is  Vital  to  Email  and  Web  Security 

•  From  Laggard  to  Leader:  Transforming  the  Data  Center 


/ 


Paul  Glen 


WhatlsaJob, 

Anyway? 


WITH  THE  economy  ailing,  the  U.S.  presiden¬ 
tial  election  in  full  swing  and  surveys  show¬ 
ing  cuts  in  next  year’s  IT  budgets,  get  ready  to 
hear  more  and  more  about  jobs.  People  will 
lose  jobs.  Evil  corporations  will  export  jobs.  We  will  need 
3s.  We  will  need  better  jobs.  Not  Mcjobs. 


more  jc 

People  will  become 
unemployed  and  underem¬ 
ployed,  and  they  will  drop 
out  of  the  workforce.  They 
will  go  back  to  school  with 
the  hopes  of  obtaining  bet¬ 
ter  jobs.  The  government 
will  try  to  “create”  jobs 
using  tax  policy,  environ¬ 
mental  policy,  fiscal  policy, 
trade  policy,  labor  policy, 
research  funding,  public 
works  and  a  healthy  dose 

The  discussion  will  be 
endless.  But  it  will  skip 
one  important  question: 
What  is  a  job,  anyway? 

The  word  has  become  a 
central  part  of  the  lexicon 
of  personal  finance  and 
career  development  For 
most  of  us,  it’s  the  primary 
source  of  family  income. 
But  do  we  really  know 
what  it  means? 

I’m  not  an  expert  on 
employment  history,  but  it 
seems  to  me  that  SO  years 
ago,  the  meaning  of  a  job 
was  relatively  clear. 

If  you  were  a  man,  you 
joined  a  company  for  an 


indefinite  period,  usually 
assumed  to  be  life.  You 
worked  full  time  and  drew 
a  steady  salary,  and  the 
firm  repaid  your  loyalty. 
When  you  retired,  you  got 
a  pension  and  maybe  even 
health  benefits. 

If  you  were  a  woman, 
the  meaning  of  a  job  was 
probably  more  flexible.  It 
may  have  been  a  career 
or  perhaps  just  something 
to  do  until  you  started  a 

But  now,  who  knows 
what  a  job  means?  If  you 
worked  for  a  company  for 
five  years  and  it  decided 
to  outsource  your  depart¬ 
ment,  did  you  have  a  job, 
or  was  it  just  a  contract? 

If  you’re  an  independent 

■  It  seems  that  we 
in  IT -for  better 
and  worse  -  have 
been  in  the  van¬ 
guard  of  the  cre- 


contracfor  with  an  open- 
'  1  at  with 


a  full-time  client,  do  you 

If  you’re  an  employee 
of  a  staffing  firm  that  will 
lay  you  off  as  soon  as  your 
project  ends,  do  you  have 
a  job? 

If  you’re  a  full-time  em¬ 
ployee  of  a  company  and 
you  change  from  being  a 
programmer  to  being  a 
project  manager,  have  you 
changed  jobs? 

The  questions  are  end¬ 
less.  It  seems  that  we  in  IT 
—  for  better  and  worse  — 
have  been  in  the  vanguard 
of  the  creative  reinvention 
of  employment.  Consul¬ 
tants  and  contractors  have 
become  commonplace. 
What  was  once  clear  has 
become  a  jumble. 

Does  this  matter? 

I  think  that  it  does. 
Morale  and  motivation 
are  tied  in  many  ways  to 
whether  our  employment 
relationships  fulfill  our  ex¬ 
pectations.  Employers  and 
employees  come  to  these 


relationships  with  subtle 
and  often  unarticulated 
expectations  that,  if  not 
met,  become  a  source  of 
conflict,  unhappiness  and 
unease. 

While  the  idea  of  the 
1950s  stable  job  lives  on 
and  the  word  job  con¬ 
tinues  to  imply  stability 
and  security,  that  sort  of 
employment  relationship 
has  become  an  endangered 
species.  The  reality  is 
much  more  complex  than 
a  three-letter  word  can 
encompass.  That  seems 
to  leave  us  all  on  edge, 
always  dissatisfied  with 
the  employment  we  have, 
pining  for  the  fantasy  that 
reality  can  never  achieve. 

So  the  important 
question  today  is  not 
whether  you  have  a  job, 
but  whether  you  have  an 
employment  relationship 
that  meets  your  needs  and 
aspirations. 

As  managers,  it’s  past 
time  for  us  to  become 
more  observant  about 
what  our  people  want  and 
need  from  us  and  more  ar¬ 
ticulate  about  what  we  can 
realistically  offer. 

If  you  want  to  keep  the 
general  malaise  at  bay  and 
keep  your  people  focused 
and  motivated,  your  job  in¬ 
cludes  helping  them  thrive 
in  this  new  and  as  yet  un¬ 
named  world.  ■ 
PtliOttnisthefoOnderof 
the  GeekLeadersxom  Web 
community  and  author  of 
the  award-winning  book 
Leading  Geeks:  How  to 
Manage  and  Lead  People 
Who  Deliver  Technology 
(Jossey-Bass,  2003).  Contact 
him  at  infb@paulglen.com. 


Your  potential-  Oui  passion 


Microsoft 


MICROSOFT  SYSTEM  CENTER.  DESIGNED  FOR  BIG. 


System  Center 


•  1 


Bruce 

Marcus 


The  CIO  at  The 

McGraw-Hill  Cos.  answers 
questions  about  becoming  a 
leader,  the  economic  outlook 
and  working  things  out 
with  a  difficult  boss. 


SALARY  OTHER  COMPENSATION* 


1 

Barbara  Denar,  Bank  of  America 

1800,000  t9.732.St3  SW.532.5t3  ? 

2 

«eoSalow,Ameripnse  Financial 

S70M78  S8.319.310 

*7,028,188 

3 

Babart  Carter,  FedEx 

S8W.000  S4.951.269 

*8481488 

4 

lb*  Shack,  PNC  Financial 

*475,000  *4421.181 

S44**,»1 

5 

Marti  Bazar,  WeSPoint  (now  retired) 

ttflfffl  tl.tfl.lMM 

*4478.008 

6 

Bab  WBMt,  Best  Buy 

8886477  S3,992.15a 

*4477.7*8 

7 

llaaa  Kapler.  Dow  Chemical 

8882410  S4.H0.517 

*4472427 

8 

Baady  Darcy.  6enaralMfe 

HHHt.QfHI  W.HI.BH 

9 

Bat  DaBada..  Home  Depot 

*774,788  *3421485 

84488,143 

10 

Larry  KttteWergar,  Honeywel  International 

T1. 188.188 

*4478448 

ersbip  rote  stand  out  from  his 
poors?  The  broader  perspective 
is  always  a  good  place  to  start 
Technologists  tend  tohave  deep 
knowledge  and  siloedperspectives. 
Understand  the  business  objectives, 
and  look  at  how  the  technologies 
you're  responsible  for  are  and  can 
be  used  to  further  those  objectives. 
This  understanding  provides  a  start¬ 
ing  point  for  discussion  that  tends 
to  differentiate  would-be  leaders. 
Looking  beyond  your  technical  silo 
to  how  all  your  technologist  peers 
can  help  achieve  those 
business  goals  is  part 
of  what  makes  a  leader. 

Showing  the  way  out  of 


focused  on  the  revenue-generating 
side  of  the  business  than  ever  be- 
f  ore.  Businesses  seem  to  be  moving 
cautiously  toward  adjusting  IT  staff- 


I’ve  had  so 
my  boss,  who  becomes  very 
defensive  N  anyone  suggests 
other  ways  of  doing  things. 
His  attitude  seems  petty 
to  me,  but  I’m  the  one  who 


endless  abstract  debates  too  it  Leaders,  said 
about  what's  the  best  ! 
technical  approach  |J 


the  time.  What  should  I  do? 

■jgjjjggjjn  I'd  take  a  good  look 
at  how  you're  raising 

O  QUESTION?  suaaestions  With 
some  bosses,  being 


toward  a  solution  that's 
good  enough  for  the  business  pur¬ 
pose  helps  as  well.  Your  customers 
will  likely  appreciate  the  perspective, 
and  your  leadership  may  well  rec¬ 
ognize  your  ability  to  communicate 
in  ways  that  tie  technology  goals  to 
business  and  customer  impact. 


challenged  in  a  room 
full  of  other  people  is 

J  usually  guaranteed  to 
go  nowhere  and  earn 


i  Just  starting  to  regain 


industry  when  the  economy 
started  to  go  south  a  few 
months  ago.  Is  IT  going  to  get 
hit  hard  by  this  downturn? 

Yes.  but  it's  not  likeiy  to  be  as  big 


you  a  negative  label.  A  one-on-one 
session  may  help  your  boss  put 
asideherorhisegoand  listen. 
Sometimes,  a  short  written  sugges¬ 
tion -sent  only  to  your  boss  (same 
ego  issue)  mayhelpopenthedoor. 
Sometimes,  when  there  are  com¬ 
peting  notions  about  how  to  move 
forward,  abstract  discussion  isn't  ; 

helpful  and  only  real-world  expert-  £ 
ence  can  get  to  a  conclusion.  Even  £ 

when  the  winning  idea  isn't  yours.  j 

be  as  energetic  about  realizing  it  as  £ 
you'd  be  if  it  were  your  own.  That  £ 
lends  credibility -‘It  wasn't  Tom's  \ 


Reach  your  target  audience  ~«™.  »  r j.  *-» 

of  professional  IT  job  seek-  nITsIZ’pa1W>1 
ers  with  Computerworld’s 

Didn't  find 

Co-Branded  Email  Blasts.  it  can** 

that  you  wi 

This  unique  program  allows  loownofo 

Check  back  with  us 

you  to  choose  your  criteria 

of  1 00%  opt-in  subscribers  *<***0^** 

by  geography,  company  ITcaree' 

size,  job  title  and  industry.  - 

Call  Dawn  Cora  at  U 

800-762-2977  for  details!  2 

COMPUTERWORLD  t 


Searching  for  diverse  IT  Talent? 

Ut  Computerworld  IT  careers  put  your  recruitment 
message  In  front  of  over 1,400,000 
qualified  IT  professionals! 

Contact  Dawn  Cora  for  details 
or  email  itcproduction@itcareers.net  or 
call  800  762  2977 


Shamank 

older  model.  “The  plan  was  to 
leave  the  old  router  in  place 
as  backup,  to  be  removed 
after  60  days,"  says  a  pilot 

the  root  disk  is  corrupt,  and 
he's  going  to  have  to  arrange 
a  replacement  disk  and  recov¬ 
ery.  OK,  hsh  hgures,  he's  got 

TRUE  TALES  OF  IT  LIFE  AS  TOLD  TO  SHARKY 

It  Would’ve  Helped  :  problems.  Then  fish’s  boss 

This  pilot  hsh  writes  custom  j  gets  Involved  and  tells  hsh 
software  for  his  company  and  j  to  start  checking  with  users 
supports  its  users  at  remote  ;  at  other  sites.  Several  hours 
sites.  So  when  a  user  con-  ;  into  fhaf  process,  hsh  calls 
tacts  him  to  say  the  software  1  the  user  again  to  get  more 
has  suddenly  stopped  work-  I  information  on  the  problem 

hsh  in  the  know.  “The  office 
and  all  300  users  were  soon 
up  on  the  new  routers."  Flash 
forward  60  days:  The  very 
same  tech  shows  up,  walks 
past  all  300  users  and  pro¬ 
ceeds  to  the  switch  room  to 

“However,  the  offshore  group 
responsible  for  creating  the 

it  covered;  no  need  to  come  in 
early.  “When  1  arrived  on-site, 

1  went  to  the  computer  and 
rebooted  it.  It  started  clean 
immediately,  and  we  got  ev¬ 
erything  up  and  running  with 
no  errors,"  says  hsh.  “My  col¬ 
league  then  had  to  send  out 
e-mails  saying,  ‘Whoops,  the 
server  is  now  up,  and  cancel 

ing,  fish  is  right  on  it  “For-  !  and  have  him  try  one  specific 
tunately,  the  user  enclosed  j  work-around.  “Oh,"  says  user, 
a  screenshot,  though  the  ;  once  fish  gets  him  on  the 

information  from  the  screen-  !  phone,  “the  tech  guys  just 
shot  was  useless,- says  hsh.  1  took  it  away.  All  of  my  other 
“1  asked  the  user  to  attach  1  programs  had  stopped  work- 
the  log  hie  that  my  applies-  •  ing  and  the  PC  crashed  right 
Hon  generates  if  problems  ;  after  my  last  e-mail  to  you. 

occur.' But  Hie  log  hie  reveals  ;  They  think  1  may  have  had  a 
nothing,  and  hsh  begins  to  1  virus.  Should  1  have  called?" 

get  concerned.  He  asks  the 

user  to  write  down  what  he  j  Just  Following  Orders 
did.  step  by  step,  just  before  j  Phone  company  tech  shows 

and  the  tech  proceeded  to 
decom  the  two  new  routers," 
hsh  says.  ‘Later  that  evening, 
when  the  configuraUons  and 

applied  and  the  routers  were 
back  up,  tech  was  informed 
that  he’s  banned  from  that 
customer  site  for  life." 

Who  Knew? 

Pilot  hsh  works  the  late  shift, 
so  he's  not  due  at  the  office 

■  Sharky’s  up  and  running  and 
waitingfor  your  true  tale  of  IT 
tife.Send  it  to  meatsharky@ 
computerworld.com.  I’ll  send 
you  a  stylish  Shark  shirt  if  I 

0  NEED  TO  VENT  YOUR  SPLEEN? 

forcing  waters  of 

Shark  Bait.  Its  therapeutic! 

the  error  occurred.  User  does.  |  up  at  this  business  to  install 
and  hsh  runs  through  the  I  two  new  high-availability 

steps  on  his  end  without  any  1  routers,  replacing  a  single 

unH1 10  a.m.  But  at  8:45  a.m., 
he  gets  a  call  from  a  col¬ 
league:  The  server  is  dead. 

0  CHECK  OUT  Sharky's  blog,  browse  the 
|  Sharkives  and  sign  up  for  Shark  Tank  home  | 

KimPennett 

Print  Display  Advertising 

(506)820-8232 
Fu  (506)  879-0446 


Encuthn  Assistant  Kelly  McGill 
Fu  (508)  626-8524 


Jute  Lynch 


Sean  Weglage  (415)  978-3314 
Fu  (415)  543-8010 


Ronald  L.  Milton 
(508)820-8661 


5  Kabach  (610)  971-1588 


Deborah  Crimmlngs  (508)  271-7110 


Jim  Barrett  (415)  978-3306 


(46)978*313 
Fu  (415)  543-8010 

(415)978-3309 
Fu  (415)  543-8010 
Matthew  Wintnngham 
(508)270-3882 
Fu  (508)270-3882 


1(508)271-7108 


i  Rosa  (415)  978-! 


P.O.Box  9171.  ISpeen  Street 
Framingham,  MA  01701 
Fu  (508)  270-3882 


501  Second  Street.  Suite  11 
San  Francisco.  CA  94107 
Fu  (415)  543-8010 


Don  Tennant 
(508)620-7714 


Bill  Rigby  (508)  820-801 
Fu  (508)  270-3882 


Bill  Hanck  (949)  442-4006 


Joan  Olson  (508)  270-7112 
Fu  (508)  270-3882 


I  Mayer  (201)634-2324 


iRadzniak  (201)  634-2323 


Dawn  Cora  (508)  820-8133 
Fu  (508)  626-8524 


Suite 360,  Irvine.  CA  92612 
Fu(949)  476-8724 


650  From  Road.  Suite  225 
Paramus.NJ  07652 


Rich  Green  (508)  370-0632 


Lisa  Ladte-Walace  (904)284-r 

Mailing  Address 

5242  River  Park  Villas  Drive 


P.O.Box  9171.  ISpeen  Street 


1(508)270-3882 


MOL 


I  FRANKLY  SPEAKING 


Frank  Hayes 

j 

Under  the  Chrome 


GOOGLE  CHROME?  Hold  that  thought. 

First,  let’s  say  your  organization  has  confiden¬ 
tial  data  —  Social  Security  numbers,  credit  card 
transactions,  customer  sales  information,  anything 
like  that.  Would  you  rather  keep  it  in  your  data  center  or  have 
it  sitting  on  a  user’s  laptop? 

That's  easy;  You  want  it  i  that  your  sales  users  do? 
safe  in  the  data  center.  But  Maybe  —  but  that  re- 
that  makes  the  data  much  |  quires  a  lot  of  trust,  and 
it’s  not  a  decision  that 
anyone  in  IT  should  make 
lightly. 

Which  brings  us  back  to 
Chrome,  the  Web  browser 
that  Google  released  in 
beta  form  last  week  (see 
story,  page  9). 

Much  ink  and  many 
electrons  have  been 
spilled  over  the  fact 
that  Chrome  is  fast  and 
simple  and  designed  to 
run  Web  applications 
well  (especially  Google’s 
Web  applications),  that  it 
won’t  let  one  bad  Web  site 
crash  the  whole  browser, 
that  it  grabbed  a  1%  share 
of  Web  browsing  in  less 
than  a  day. 

And,  of  course,  that  it’s 


less  convenient 
ployee  who  might  have 
used  it  to  analyze  a  trend, 
identify  fraud  or  close  a 
sale.  It’s  a  trade-off;  to  put 
that  data  to  its  best  use, 
you  might  have  to  give  up 
some  control  and  entrust 
that  user  with  the  data. 

Now  what  about  this: 
Say  you’re  going  to  hand 
over  a  critical  chunk  of 
your  IT  infrastructure  to 
an  outsider.  Where  do  you 
draw  the  line?  At  turning 
over  all  IT  operations  to 
an  outsourcer?  At  letting 
Salesforce.com  own  your 
sales  force  automation?  At 
bringing  in  a  consultant 
to  run  your  online  retail 
operation?  At  third-party 
Web  hosting?  At  leased  T1 
network  lines? 

Chances  are  your  com¬ 
fort  zone  ends  somewhere 
in  the  neighborhood  of 
Salesforce.  Software  as  a 
service  still  makes  many 
IT  people  a  little  queasy. 
Will  the  advantages  be 
worth  having  an  outsider 
so  involved  in  everything 


■  Google  doesn’t 
see  Chrome  as  just 


It’s  more  like  the 
front  end  fora 


software-as-a- 
service  offering. 


Google’s  “Windows  kill¬ 
er”  (and  good  luck  with 
that  one,  kids). 

But  it’s  really  just  a 
Web  browser,  right?  No. 
At  least,  not  the  way 
we’ve  thought  about  Web 
browsers  before. 

Most  browsers  send 
HTTP  messages  to  far-off 
Web  servers,  which  re¬ 
spond  with  HTML  pages. 
Chrome  spends  nearly  as 
much  time  phoning  home 
to  Google  as  it  does  talk¬ 
ing  to  other  Web  servers. 

Type  in  a  Web  address 
that  doesn’t  exist  and 
Chrome  will  send  it  to 
Google  for  help  finding 
the  right  address. 

Type  in  an  address  that 
Google  has  flagged  as  a 
phishing  or  malware  site 
and  Chrome  will  send  an 
obfuscated  version  of  the 
address  to  Google  to  get 
more  information  about 
the  risk. 

Type  anything  at  all 
into  the  address  bar  and 
Chrome  will  send  the 
keystrokes  to  Google  for 
help  suggesting  what  you 
may  be  looking  for. 

And  that  doesn’t  in¬ 


clude  the  usage  statistics 
and  other  information 
that  Chrome  sends  home 
for  Google  to  use  “in 
order  to  operate  and  im¬ 
prove  Google  Chrome 
and  other  Google  ser¬ 
vices,"  according  to 
Google’s  privacy  notice 
for  Chrome. 

You  can  turn  much  of 
that  phoning-home  off,  or 
at  least  reduce  it.  But  it’s 
clear  that  Google  doesn’t 
see  Chrome  as  just  an¬ 
other  browser.  It’s  more 
like  the  front  end  for  a 
Web-browsing  software- 
as-a-service  offering. 

Feeling  queasy? 

Relax.  Right  now, 
Chrome  is  a  beta  with  sig¬ 
nificant  security  problems 
yet  to  be  addressed.  By 
definition,  it’s  not  ready 
—  that’s  what  beta  means. 

Bugs  and  security 
holes  will  be  fixed.  But 
Chrome’s  basic  business 
model  won’t  change. 

So  when  you  start 
evaluating  it  —  and  you 
should  —  don’t  just  test 
how  well  it  serves  up  Web 
applications,  how  robust 
it  is  or  whether  it  really  is 
a  better  browser. 

Think  about  this; 

Are  you  ready  to  trust 
a  software-as-a-service 
model  for  just  about  ev¬ 
erything  your  users  do? 

Because  that’s  Google 
Chrome.* 

Frank  Hayas  is  Computer- 
world’s  senior  news 
columnist.  Contact  him 
at  frank_hayes@ 
computerworld.com. 


The  fastest  way  to  have  a  connected  workplace. 


Work  with  InterSystems  Ensemble*  software  to  raise  interfaces,  rules-based  business  processes,  dashboards, 
productivity  and  lower  costs.  and  other  innovations  -  without  rewriting  your  code. 

Ensemble  is  a  rapid  integration  and  development  Ensemble’s  technology  stack  includes  the  world's 

platform  that  makes  it  much  easier  to  connect  applications,  fastest  object  database  -  InterSystems  Cache*.  Cache's 
processes,  and  people.  IT  managers  who  have  switched  lightning  speed,  massive  scalability,  and  rapid  development 
from  other  integration  products  report  they  can  finish  environment  give  Ensemble  unmatched  capabilities, 

projects  in  half  the  time  with  Ensemble.  For  30  years,  we've  been  a  creative  technology 

For  your  future  development  efforts,  if  you  embed  partner  for  leading  enterprises  that  rely  on  the  high 

Ensemble  you  can  create  a  new  class  of  applications  that  performance  of  our  products.  Ensemble  and  Cache  are 

are  connectable.  Plus,  you'll  be  able  to  enhance  legacy  so  reliable  that  the  world’s  best  hospitals  use  them  for 

applications  with  adaptable  workflow,  browser-based  user  life-or-death  systems. 


InterSystems 


See  product  demonstrations  at  InterSystems.com/Connectl5A 


